{ "Event": { "analysis": "2", "date": "2019-12-20", "extends_uuid": "", "info": "OSINT - TA505 evolves ServHelper, uses Predator The Thief and Team Viewer Hijacking", "publish_timestamp": "1576855586", "published": true, "threat_level_id": "1", "timestamp": "1576855575", "uuid": "5dfce305-c520-4a71-9094-47c702de0b81", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"TA505\"", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0071c3", "local": false, "name": "osint:lifetime=\"perpetual\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1576854301", "to_ids": false, "type": "link", "uuid": "5dfce31d-72a0-4da4-9eb9-9a0402de0b81", "value": "https://www.blueliv.com/cyber-security-and-cyber-threat-intelligence-blog-blueliv/research/servhelper-evolution-and-new-ta505-campaigns/" }, { "category": "Network activity", "comment": "WinDef Download URL", "deleted": false, "disable_correlation": false, "timestamp": "1576854380", "to_ids": true, "type": "url", "uuid": "5dfce36c-7cbc-46d0-896f-8bb502de0b81", "value": "http://96.9.211.157/sdf4r3r3/WinDef.msi" }, { "category": "Network activity", "comment": "Predator C2", "deleted": false, "disable_correlation": false, "timestamp": "1576854380", "to_ids": true, "type": "url", "uuid": "5dfce36c-ba98-465b-84b9-8bb502de0b81", "value": "https://soul-fly.xyz/api/gate.get" }, { "category": "Network activity", "comment": "LDR_5622 URL1", "deleted": false, "disable_correlation": false, "timestamp": "1576854380", "to_ids": true, "type": "url", "uuid": "5dfce36c-478c-4cd0-8a28-8bb502de0b81", "value": "https://artrolife.club/fhj37f34fdd/file1.exe" }, { "category": "Network activity", "comment": "LDR_5622 URL2", "deleted": false, "disable_correlation": false, "timestamp": "1576854380", "to_ids": true, "type": "url", "uuid": "5dfce36c-2118-4510-90a4-8bb502de0b81", "value": "http://supremeconnect.xyz/fdfg83574gd/file2.exe" }, { "category": "Network activity", "comment": "Team Viewer Panel", "deleted": false, "disable_correlation": false, "timestamp": "1576854380", "to_ids": true, "type": "url", "uuid": "5dfce36c-6728-4ac9-aa75-8bb502de0b81", "value": "http://0926tv.xyz/mystt34834ujf37data/" }, { "category": "Network activity", "comment": "ServHelper NetSupport", "deleted": false, "disable_correlation": false, "timestamp": "1576854380", "to_ids": true, "type": "url", "uuid": "5dfce36c-80f0-4c21-99d5-8bb502de0b81", "value": "http://gabardine.xyz/log.txt" }, { "category": "Network activity", "comment": "ServHelper NetSupport", "deleted": false, "disable_correlation": false, "timestamp": "1576854380", "to_ids": true, "type": "url", "uuid": "5dfce36c-d5f4-42b3-be96-8bb502de0b81", "value": "http://kuarela.xyz/1.txt" }, { "category": "Network activity", "comment": "ServHelper NetSupport", "deleted": false, "disable_correlation": false, "timestamp": "1576854380", "to_ids": true, "type": "url", "uuid": "5dfce36c-01b4-46b5-ad90-8bb502de0b81", "value": "http://foxlnklnk.xyz/pf1.txt" }, { "category": "Network activity", "comment": "ServHelper NetSupport", "deleted": false, "disable_correlation": false, "timestamp": "1576854381", "to_ids": true, "type": "url", "uuid": "5dfce36d-f82c-4402-91d8-8bb502de0b81", "value": "http://cafafafa.xyz/pf1.txt" }, { "category": "Network activity", "comment": "ServHelper NetSupport", "deleted": false, "disable_correlation": false, "timestamp": "1576854381", "to_ids": true, "type": "url", "uuid": "5dfce36d-a700-44a4-a66e-8bb502de0b81", "value": "http://letitbe.icu/2.txt" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1576854985", "to_ids": true, "type": "md5", "uuid": "5dfce5c9-85d4-411c-9374-8ba102de0b81", "value": "9aa1b6bb7d53b008b6529b4a2f6bfada" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1576854985", "to_ids": true, "type": "md5", "uuid": "5dfce5c9-38f8-47e2-a063-8ba102de0b81", "value": "a2e77ee41f4d4d3e8814d07d26ec5be3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1576854985", "to_ids": true, "type": "md5", "uuid": "5dfce5c9-3ce4-4157-8ab1-8ba102de0b81", "value": "77f46b13d858f83c3ce5bdc6ffbc8a95" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1576854985", "to_ids": true, "type": "md5", "uuid": "5dfce5c9-da10-4a2b-b7f2-8ba102de0b81", "value": "de70f256b9fd194f6844d7aa81b17b4e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1576854985", "to_ids": true, "type": "md5", "uuid": "5dfce5c9-b084-4b29-8b05-8ba102de0b81", "value": "6954cee9db2533337e4425aceacc547b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1576854985", "to_ids": true, "type": "md5", "uuid": "5dfce5c9-9d58-4ccf-90fd-8ba102de0b81", "value": "a606d454b408b99aa9fc7ad774951621" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1576854985", "to_ids": true, "type": "md5", "uuid": "5dfce5c9-6d9c-472f-a1cf-8ba102de0b81", "value": "92cc85c53e169b330fd8686d35259261" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1576854985", "to_ids": true, "type": "md5", "uuid": "5dfce5c9-e0b4-451b-bb30-8ba102de0b81", "value": "a511410d5889fca07a0dd0a8c84d6c8a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1576854985", "to_ids": true, "type": "md5", "uuid": "5dfce5c9-ce2c-4e36-a19e-8ba102de0b81", "value": "c3c226ec03f393103b9df764df50f0bc" } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1576855002", "uuid": "7c234dae-875e-49ec-adb2-43a8033db0e0", "ObjectReference": [ { "comment": "", "object_uuid": "7c234dae-875e-49ec-adb2-43a8033db0e0", "referenced_uuid": "0e3714b5-a8d2-46f9-b5a1-8fe5a19c6d34", "relationship_type": "analysed-with", "timestamp": "1576855007", "uuid": "5dfce5df-8874-4a24-b470-498e02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1576854985", "to_ids": true, "type": "md5", "uuid": "f63f94a6-8b24-461d-bf43-081693430411", "value": "de70f256b9fd194f6844d7aa81b17b4e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1576854985", "to_ids": true, "type": "sha1", "uuid": "af817e6e-6d1d-469f-8a6d-f7089b177f8c", "value": "8c14b7bc7d0f132b4a00062ebc84eca98074eb06" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1576854985", "to_ids": true, "type": "sha256", "uuid": "606ff880-d609-456c-9f8e-ec5ca0b95923", "value": "ea42d2ae3f97bfd117f4d4f268ddcae4b1361becf1463d9003d6d2ad8e67d1a2" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1576855002", "uuid": "0e3714b5-a8d2-46f9-b5a1-8fe5a19c6d34", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1576854985", "to_ids": false, "type": "datetime", "uuid": "a5271e19-09e7-404f-9171-76cd45767dfc", "value": "2019-10-01T14:13:53" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1576854985", "to_ids": false, "type": "link", "uuid": "61098a77-079f-4c1c-8c07-2e426ff525e8", "value": "https://www.virustotal.com/file/ea42d2ae3f97bfd117f4d4f268ddcae4b1361becf1463d9003d6d2ad8e67d1a2/analysis/1569939233/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1576854985", "to_ids": false, "type": "text", "uuid": "5d708598-582e-4e90-b781-495f5bef2a27", "value": "42/71" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1576855002", "uuid": "69638f44-509c-45ab-80fc-97514283b206", "ObjectReference": [ { "comment": "", "object_uuid": "69638f44-509c-45ab-80fc-97514283b206", "referenced_uuid": "9f3593c3-2cb3-4192-a97e-5722f1e1ae4d", "relationship_type": "analysed-with", "timestamp": "1576855007", "uuid": "5dfce5df-8900-4e9e-ba63-49b802de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1576854985", "to_ids": true, "type": "md5", "uuid": "9673fb2f-ef66-4c28-afba-1eb493bed6b7", "value": "a511410d5889fca07a0dd0a8c84d6c8a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1576854985", "to_ids": true, "type": "sha1", "uuid": "e90ed67c-a4d5-4569-a49d-be7572d5f164", "value": "c470685e7f2b4c1c1ff5a544824becef1f81c0de" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1576854985", "to_ids": true, "type": "sha256", "uuid": "4df48e0a-3cb8-45d3-bb74-0219110c7869", "value": "1d0310aa5acb6974afe3c0c4be806500276f86ea0717f2c449ca59eb2756aa5a" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1576855003", "uuid": "9f3593c3-2cb3-4192-a97e-5722f1e1ae4d", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1576854985", "to_ids": false, "type": "datetime", "uuid": "948e4fae-219b-42ce-8ba9-44a92f8a3ae7", "value": "2019-12-03T04:36:27" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1576854985", "to_ids": false, "type": "link", "uuid": "ac8f3242-6e1d-468d-8fc0-a841bdcec64d", "value": "https://www.virustotal.com/file/1d0310aa5acb6974afe3c0c4be806500276f86ea0717f2c449ca59eb2756aa5a/analysis/1575347787/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1576854985", "to_ids": false, "type": "text", "uuid": "1b012b4e-a10b-4681-9094-735f8272c584", "value": "37/68" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1576855003", "uuid": "bf7c8c32-31da-4197-998f-95a2eda8b415", "ObjectReference": [ { "comment": "", "object_uuid": "bf7c8c32-31da-4197-998f-95a2eda8b415", "referenced_uuid": "c4a78b93-68c9-4dfc-940d-72bcb366da12", "relationship_type": "analysed-with", "timestamp": "1576855007", "uuid": "5dfce5df-c070-47e6-abda-4d8802de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1576854985", "to_ids": true, "type": "md5", "uuid": "04389c5f-53bf-4f98-bef1-3a9962179f91", "value": "9aa1b6bb7d53b008b6529b4a2f6bfada" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1576854985", "to_ids": true, "type": "sha1", "uuid": "0637bcc2-5f25-4980-88e9-87fa3a6f8bc4", "value": "e764a66692df3ecbfae0660a1d1e567be20e034d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1576854985", "to_ids": true, "type": "sha256", "uuid": "b34bb93a-36a8-4067-9446-89d79530ee69", "value": "d83063586bbdd28a3936fc508e69c0d880673fb985429ede6d0369c91250cbc2" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1576855003", "uuid": "c4a78b93-68c9-4dfc-940d-72bcb366da12", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1576854985", "to_ids": false, "type": "datetime", "uuid": "dfe11c11-1352-4103-89f1-ecac42bf7a8b", "value": "2019-11-15T10:55:08" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1576854985", "to_ids": false, "type": "link", "uuid": "536eee81-3ea3-4fb6-a0db-389783a109f2", "value": "https://www.virustotal.com/file/d83063586bbdd28a3936fc508e69c0d880673fb985429ede6d0369c91250cbc2/analysis/1573815308/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1576854985", "to_ids": false, "type": "text", "uuid": "c3ef49b9-4ed9-43b6-a1cd-cc2163ffd434", "value": "26/71" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1576855003", "uuid": "94aaa7da-30e3-49e8-93a2-379fea74854b", "ObjectReference": [ { "comment": "", "object_uuid": "94aaa7da-30e3-49e8-93a2-379fea74854b", "referenced_uuid": "92edb5af-e2af-4ff2-866d-9a9c87a75b8f", "relationship_type": "analysed-with", "timestamp": "1576855007", "uuid": "5dfce5df-78e0-4edd-9893-45e602de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1576854985", "to_ids": true, "type": "md5", "uuid": "a3883037-0432-44c2-aea2-9345ff7e163c", "value": "c3c226ec03f393103b9df764df50f0bc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1576854985", "to_ids": true, "type": "sha1", "uuid": "2f71a7d5-b559-412b-950a-5dfb167008db", "value": "177f891063569d82f85fc931a5254f0c5acbee9f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1576854985", "to_ids": true, "type": "sha256", "uuid": "725dd7f1-7378-4ba9-8d27-cf9ab2314852", "value": "c6830cfbfc47d8623d4c8ba7121527a0104226037e1acd6d8a4f80e7da9ad2e0" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1576855003", "uuid": "92edb5af-e2af-4ff2-866d-9a9c87a75b8f", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1576854985", "to_ids": false, "type": "datetime", "uuid": "e6c3486c-c499-4a99-b7b7-b2f48f92ee34", "value": "2019-09-26T19:39:42" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1576854985", "to_ids": false, "type": "link", "uuid": "461ef55a-d9a5-4fb0-8e0b-1a04e2903a0f", "value": "https://www.virustotal.com/file/c6830cfbfc47d8623d4c8ba7121527a0104226037e1acd6d8a4f80e7da9ad2e0/analysis/1569526782/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1576854985", "to_ids": false, "type": "text", "uuid": "671ac72d-aad7-426c-aa5d-0dabfe885696", "value": "10/70" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1576855004", "uuid": "71982da2-49c2-49f4-95eb-e45f05d9f424", "ObjectReference": [ { "comment": "", "object_uuid": "71982da2-49c2-49f4-95eb-e45f05d9f424", "referenced_uuid": "b5df2442-478c-4296-b836-bab32bb0fc67", "relationship_type": "analysed-with", "timestamp": "1576855007", "uuid": "5dfce5df-d88c-4058-970f-44a802de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1576854985", "to_ids": true, "type": "md5", "uuid": "111b9e6c-6c4c-41c7-8338-ea6a0a380bbe", "value": "6954cee9db2533337e4425aceacc547b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1576854985", "to_ids": true, "type": "sha1", "uuid": "c80dfb3d-da97-4e59-92ee-442143e008b6", "value": "da3973333643735f740f832ebb914faedc3385fa" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1576854985", "to_ids": true, "type": "sha256", "uuid": "8c718287-d13b-4e05-b348-247ca84a5722", "value": "70fdeda60efc1265d71ecb6893760aea7404096a1b2c3daf9760c544d9dd8a72" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1576855004", "uuid": "b5df2442-478c-4296-b836-bab32bb0fc67", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1576854985", "to_ids": false, "type": "datetime", "uuid": "7d9d833a-6c37-41f1-9a3b-687e60b43784", "value": "2019-10-03T06:11:45" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1576854985", "to_ids": false, "type": "link", "uuid": "b13d1871-894a-46c6-a401-61de32ac5d85", "value": "https://www.virustotal.com/file/70fdeda60efc1265d71ecb6893760aea7404096a1b2c3daf9760c544d9dd8a72/analysis/1570083105/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1576854985", "to_ids": false, "type": "text", "uuid": "da84ee46-40da-4f54-8200-940c0eb3cde2", "value": "37/70" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1576855004", "uuid": "3b6714ab-d534-449f-8eae-856904fe477b", "ObjectReference": [ { "comment": "", "object_uuid": "3b6714ab-d534-449f-8eae-856904fe477b", "referenced_uuid": "22c0164b-71a4-4a76-b04e-ed9894751cae", "relationship_type": "analysed-with", "timestamp": "1576855007", "uuid": "5dfce5df-1b84-443d-bbf6-45e102de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1576854985", "to_ids": true, "type": "md5", "uuid": "37a4b726-088f-4275-9815-61392d6c874e", "value": "a2e77ee41f4d4d3e8814d07d26ec5be3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1576854985", "to_ids": true, "type": "sha1", "uuid": "e471fc42-7759-4f29-9240-6b7721b616fd", "value": "e07292223d53785c61e4d4e33126e71d69527cbd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1576854985", "to_ids": true, "type": "sha256", "uuid": "e1864cd2-1575-4d8b-9969-66eaa56ba012", "value": "1b94a8fa7d412d6722931d55792b38fc5f4edae99b3e7be98c260ae603f6e6eb" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1576855004", "uuid": "22c0164b-71a4-4a76-b04e-ed9894751cae", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1576854985", "to_ids": false, "type": "datetime", "uuid": "2dccaf5f-a350-4c18-94b1-aaf6f4bd97ff", "value": "2019-12-03T04:36:19" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1576854985", "to_ids": false, "type": "link", "uuid": "22ba39fc-e09e-4737-9e98-a71026bbbc33", "value": "https://www.virustotal.com/file/1b94a8fa7d412d6722931d55792b38fc5f4edae99b3e7be98c260ae603f6e6eb/analysis/1575347779/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1576854985", "to_ids": false, "type": "text", "uuid": "7cd33bde-eca9-40b1-a030-151bf7acbab8", "value": "38/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1576855004", "uuid": "09a93a47-f8a4-4c0f-b36b-1f176b4434a8", "ObjectReference": [ { "comment": "", "object_uuid": "09a93a47-f8a4-4c0f-b36b-1f176b4434a8", "referenced_uuid": "c9c85791-3555-477e-9b9f-4ac28c080f8b", "relationship_type": "analysed-with", "timestamp": "1576855007", "uuid": "5dfce5df-2fd8-4780-b3af-4f0702de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1576854985", "to_ids": true, "type": "md5", "uuid": "af9cdc6b-167b-46c8-93c4-c08fdae726da", "value": "77f46b13d858f83c3ce5bdc6ffbc8a95" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1576854985", "to_ids": true, "type": "sha1", "uuid": "229ef9f8-e64f-4648-8a0e-803beccad895", "value": "d08b44e8aed3aa013827d5aeef901fed360c57fb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1576854985", "to_ids": true, "type": "sha256", "uuid": "54a9505c-57cb-488d-921f-3354592c813c", "value": "97d68390ccece4c1834e5917ea8f5e50f16ae8166fc29f7ddb8056e48a878fbf" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1576855004", "uuid": "c9c85791-3555-477e-9b9f-4ac28c080f8b", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1576854985", "to_ids": false, "type": "datetime", "uuid": "998f01f8-1c0f-4c68-9923-148dd4525864", "value": "2019-09-27T17:09:02" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1576854985", "to_ids": false, "type": "link", "uuid": "537c2145-8681-4e28-8c31-9ba67d642300", "value": "https://www.virustotal.com/file/97d68390ccece4c1834e5917ea8f5e50f16ae8166fc29f7ddb8056e48a878fbf/analysis/1569604142/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1576854985", "to_ids": false, "type": "text", "uuid": "e8cb3e8f-e0c7-473f-a527-6e3e712a9a67", "value": "25/59" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1576855005", "uuid": "ea68f105-92dd-4589-ac6b-19c493f351cc", "ObjectReference": [ { "comment": "", "object_uuid": "ea68f105-92dd-4589-ac6b-19c493f351cc", "referenced_uuid": "66903195-a97f-4dcd-9282-66d1a8c48d53", "relationship_type": "analysed-with", "timestamp": "1576855007", "uuid": "5dfce5df-37d4-4615-a14a-46fa02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1576854985", "to_ids": true, "type": "md5", "uuid": "1fb21c50-fda7-4937-a29b-05c56b6d19ce", "value": "92cc85c53e169b330fd8686d35259261" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1576854985", "to_ids": true, "type": "sha1", "uuid": "8881e81f-7e84-4367-8d5f-2da9211bf3d0", "value": "4d30c482886f3369731914f6db4100e84fa8cf27" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1576854985", "to_ids": true, "type": "sha256", "uuid": "3cd0bd5e-4dbc-4001-b9b7-62e95d2b4c10", "value": "ec03d56bc3064f38cde8866d08f52aa70b7cd12d8e61c36c0576c45964bef248" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1576855005", "uuid": "66903195-a97f-4dcd-9282-66d1a8c48d53", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1576854985", "to_ids": false, "type": "datetime", "uuid": "d5d1c38a-ccc9-491d-812e-a5b0f06223ee", "value": "2019-12-14T05:52:55" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1576854985", "to_ids": false, "type": "link", "uuid": "e3f4fa91-809b-4420-8245-bf5f47417265", "value": "https://www.virustotal.com/file/ec03d56bc3064f38cde8866d08f52aa70b7cd12d8e61c36c0576c45964bef248/analysis/1576302775/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1576854985", "to_ids": false, "type": "text", "uuid": "4a882389-39f1-47d2-b8fe-01c261f76fbf", "value": "53/71" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1576855005", "uuid": "f0b007bd-4038-4c0f-bb89-03e6f0e131f7", "ObjectReference": [ { "comment": "", "object_uuid": "f0b007bd-4038-4c0f-bb89-03e6f0e131f7", "referenced_uuid": "2ac81cf5-9a0c-4527-955d-02e0bd5eadd1", "relationship_type": "analysed-with", "timestamp": "1576855007", "uuid": "5dfce5df-e23c-420b-b208-4df802de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1576854985", "to_ids": true, "type": "md5", "uuid": "0d5e18e0-1101-439e-81f8-bc9da64525d8", "value": "a606d454b408b99aa9fc7ad774951621" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1576854985", "to_ids": true, "type": "sha1", "uuid": "aaea76c7-3165-478e-a6e8-83aed656882c", "value": "5963233ae8e9382178169a2efe236598dfc7466c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1576854985", "to_ids": true, "type": "sha256", "uuid": "ae9cac6b-a479-478f-be0b-01874780e2e4", "value": "c45a4fea0271bfe8d86468e549bee28575f9d5446d49d4e022e7678aedb72715" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1576855005", "uuid": "2ac81cf5-9a0c-4527-955d-02e0bd5eadd1", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1576854985", "to_ids": false, "type": "datetime", "uuid": "9d29948f-941b-4229-8319-2e1d7912082f", "value": "2019-10-07T10:31:06" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1576854985", "to_ids": false, "type": "link", "uuid": "57bade74-adee-47a2-acb1-283f69e39be2", "value": "https://www.virustotal.com/file/c45a4fea0271bfe8d86468e549bee28575f9d5446d49d4e022e7678aedb72715/analysis/1570444266/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1576854985", "to_ids": false, "type": "text", "uuid": "1cfe29e5-5c2b-48e3-b459-750ed560cd08", "value": "4/56" } ] } ] } }