{ "Event": { "analysis": "0", "date": "2020-01-23", "extends_uuid": "", "info": "OSINT - Iranian PupyRAT Bites Middle Eastern Organizations", "publish_timestamp": "1582700269", "published": true, "threat_level_id": "1", "timestamp": "1582700226", "uuid": "5e2a97e7-4bd4-41c4-8aaf-4262950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-enterprise-attack-tool=\"Pupy - S0192\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-tool=\"Pupy - S0192\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:tool=\"PupyRAT\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Magic Hound\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Magic Hound - G0059\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-intrusion-set=\"Magic Hound - G0059\"", "relationship_type": "" }, { "colour": "#12dc00", "local": false, "name": "misp-galaxy:threat-actor=\"Cleaver\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"OilRig\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"APT35\"", "relationship_type": "" }, { "colour": "#440055", "local": false, "name": "ms-caro-malware:malware-type=\"RemoteAccess\"", "relationship_type": "" }, { "colour": "#4bec00", "local": false, "name": "enisa:nefarious-activity-abuse=\"remote-access-tool\"", "relationship_type": "" }, { "colour": "#008ba9", "local": false, "name": "veris:asset:variety=\"S - Remote access\"", "relationship_type": "" }, { "colour": "#00bde6", "local": false, "name": "veris:action:misuse:vector=\"Remote access\"", "relationship_type": "" }, 
{ "colour": "#001739", "local": false, "name": "ms-caro-malware-full:malware-type=\"RemoteAccess\"", "relationship_type": "" }, { "colour": "#5f0044", "local": false, "name": "CERT-XLM:malicious-code=\"spyware-rat\"", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0071c3", "local": false, "name": "osint:lifetime=\"perpetual\"", "relationship_type": "" }, { "colour": "#0087e8", "local": false, "name": "osint:certainty=\"50\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" } ], "Attribute": [ { "category": "Network activity", "comment": "Hosting PowerShell stages of PupyRAT download", "deleted": false, "disable_correlation": false, "timestamp": "1580307698", "to_ids": true, "type": "ip-dst", "uuid": "5e3194f2-e0f0-432a-bc5d-aea2950d210f", "value": "139.59.46.154" }, { "category": "Network activity", "comment": "PupyRAT command and control server", "deleted": false, "disable_correlation": false, "timestamp": "1580307700", "to_ids": true, "type": "ip-dst", "uuid": "5e3194f4-98d0-4693-9695-aea2950d210f", "value": "89.107.62.39" } ], "Object": [ { "comment": "", "deleted": false, "description": "Microblog post like a Twitter tweet or a post on a Facebook wall.", "first_seen": "2026-05-13T21:15:00+00:00", "meta-category": "misc", "name": "microblog", "template_uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60", "template_version": "10", "timestamp": "1579852427", "uuid": "5e2a9a69-4f24-4f73-983b-478b950d210f", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2026-05-13T21:15:00+00:00", "object_relation": "post", "timestamp": "1579851871", "to_ids": false, "type": "text", "uuid": "5e2a9a69-57e8-40b5-a0bb-4768950d210f", "value": "Thanks for reaching out @QW5kcmV3\r\n! 
Here is the report that mentions COBALT GYPSY use of the OST PupyRAT (https://secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations). Iran-nexus group overlaps are a fun challenge to deconstruct\u2026Always appreciate the constructive feedback!\u2026" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "first_seen": "2026-05-13T21:15:00+00:00", "object_relation": "type", "timestamp": "1579851871", "to_ids": false, "type": "text", "uuid": "5e2aa05f-4cd0-4f9b-9d01-49de950d210f", "value": "Twitter" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2026-05-13T21:15:00+00:00", "object_relation": "link", "timestamp": "1579851872", "to_ids": false, "type": "link", "uuid": "5e2aa060-7c98-4c40-9641-4b5f950d210f", "value": "https://mobile.twitter.com/maggintel/status/1220440024631644160" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2026-05-13T21:15:00+00:00", "object_relation": "embedded-safe-link", "timestamp": "1579852427", "to_ids": false, "type": "link", "uuid": "5e2aa060-5a2c-4588-ba48-4f90950d210f", "value": "https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations", "Tag": [ { "colour": "#002b4a", "local": false, "name": "osint:source-type=\"technical-report\"", "relationship_type": "" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2026-05-13T21:15:00+00:00", "object_relation": "embedded-safe-link", "timestamp": "1579851872", "to_ids": false, "type": "link", "uuid": "5e2aa060-8c70-4462-8ead-45bf950d210f", "value": "https://t.co/NP4e8FXfKI?amp=1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2026-05-13T21:15:00+00:00", "object_relation": "username-quoted", "timestamp": "1579851872", "to_ids": false, 
"type": "text", "uuid": "5e2aa060-9c48-4326-96bd-4301950d210f", "value": "@QW5kcmV3" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2026-05-13T21:15:00+00:00", "object_relation": "verified-username", "timestamp": "1579851872", "to_ids": false, "type": "text", "uuid": "5e2aa060-1864-4154-9d99-43e1950d210f", "value": "Unverified" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "first_seen": "2026-05-13T21:15:00+00:00", "object_relation": "state", "timestamp": "1579851872", "to_ids": false, "type": "text", "uuid": "5e2aa060-e708-4e1f-8e34-4e22950d210f", "value": "Informative" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2026-05-13T21:15:00+00:00", "object_relation": "username", "timestamp": "1579851872", "to_ids": false, "type": "text", "uuid": "5e2aa060-e184-4c09-afb0-4b1d950d210f", "value": "maggintel" } ] }, { "comment": "Associated organization : National Technology Group, a Saudi Arabian telecommunications company", "deleted": false, "description": "A domain and IP address seen as a tuple in a specific time frame.", "meta-category": "network", "name": "domain-ip", "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", "template_version": "6", "timestamp": "1582700226", "uuid": "5e3187c7-9b64-4c78-b33f-1c2f950d210f", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1580304327", "to_ids": true, "type": "ip-dst", "uuid": "5e3187c7-da78-4519-9745-1c2f950d210f", "value": "45.32.186.33" }, { "category": "Network activity", "comment": "Spoofed domain", "deleted": false, "disable_correlation": false, "object_relation": "domain", "timestamp": "1580304327", "to_ids": true, "type": "domain", "uuid": "5e3187c7-3ca8-4aaf-94b0-1c2f950d210f", "value": "ntg-sa.com" }, { "category": "Network activity", "comment": "Legitimate 
domain", "deleted": false, "disable_correlation": false, "object_relation": "domain", "timestamp": "1582700226", "to_ids": false, "type": "domain", "uuid": "5e3187c7-8cf0-4571-b695-1c2f950d210f", "value": "ntg.com.sa" } ] }, { "comment": "Associated organization : ITWorx, an Egyptian information technology services firm", "deleted": false, "description": "A domain and IP address seen as a tuple in a specific time frame.", "meta-category": "network", "name": "domain-ip", "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", "template_version": "6", "timestamp": "1582700218", "uuid": "5e318cb9-f1ac-4eac-a1b6-aea2950d210f", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1580305594", "to_ids": true, "type": "ip-dst", "uuid": "5e318cba-d264-40c8-abf6-aea2950d210f", "value": "45.32.186.33" }, { "category": "Network activity", "comment": "Spoofed domain", "deleted": false, "disable_correlation": false, "object_relation": "domain", "timestamp": "1580305599", "to_ids": true, "type": "domain", "uuid": "5e318cbf-203c-4241-b4fa-aea2950d210f", "value": "itworx.com-ho.me" }, { "category": "Network activity", "comment": "Legitimate domain", "deleted": false, "disable_correlation": false, "object_relation": "domain", "timestamp": "1582700218", "to_ids": false, "type": "domain", "uuid": "5e318cc6-25a8-49a8-a30c-aea2950d210f", "value": "itworx.com" } ] }, { "comment": "Associated organization : Saudi Ministry of Commerce", "deleted": false, "description": "A domain and IP address seen as a tuple in a specific time frame.", "meta-category": "network", "name": "domain-ip", "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", "template_version": "6", "timestamp": "1582700212", "uuid": "5e318e40-4368-4040-bf75-4888950d210f", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": 
"1580305984", "to_ids": true, "type": "ip-dst", "uuid": "5e318e40-a670-4cea-b42d-4720950d210f", "value": "45.32.186.33" }, { "category": "Network activity", "comment": "Spoofed domain", "deleted": false, "disable_correlation": false, "object_relation": "domain", "timestamp": "1580305989", "to_ids": true, "type": "domain", "uuid": "5e318e45-9494-4eeb-8166-4333950d210f", "value": "mci.com-ho.me" }, { "category": "Network activity", "comment": "Legitimate domain", "deleted": false, "disable_correlation": false, "object_relation": "domain", "timestamp": "1582700212", "to_ids": false, "type": "domain", "uuid": "5e318e4c-4980-489d-ab08-4dd0950d210f", "value": "mci.gov.sa" } ] }, { "comment": "Associated organization : Saudi Ministry of Health", "deleted": false, "description": "A domain and IP address seen as a tuple in a specific time frame.", "meta-category": "network", "name": "domain-ip", "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", "template_version": "6", "timestamp": "1582700205", "uuid": "5e318ece-eb38-430b-9235-2768950d210f", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1580306126", "to_ids": true, "type": "ip-dst", "uuid": "5e318ece-2d9c-4277-9448-2768950d210f", "value": "45.32.186.33" }, { "category": "Network activity", "comment": "Spoofed domain", "deleted": false, "disable_correlation": false, "object_relation": "domain", "timestamp": "1580306129", "to_ids": true, "type": "domain", "uuid": "5e318ed1-4c04-4b94-b13a-2768950d210f", "value": "moh.com-ho.me" }, { "category": "Network activity", "comment": "Legitimate domain", "deleted": false, "disable_correlation": false, "object_relation": "domain", "timestamp": "1582700205", "to_ids": false, "type": "domain", "uuid": "5e318ed1-bbb8-47a1-879d-2768950d210f", "value": "moh.gov.sa" } ] }, { "comment": "Associated organization : Saudi Ministry of Labor", "deleted": false, "description": "A domain 
and IP address seen as a tuple in a specific time frame.", "meta-category": "network", "name": "domain-ip", "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", "template_version": "6", "timestamp": "1582700199", "uuid": "5e3190e6-cdc4-4ef3-8ee6-d77d950d210f", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1580306662", "to_ids": true, "type": "ip-dst", "uuid": "5e3190e6-dd1c-4a11-b857-d77d950d210f", "value": "45.32.186.33" }, { "category": "Network activity", "comment": "Spoofed domain", "deleted": false, "disable_correlation": false, "object_relation": "domain", "timestamp": "1580306666", "to_ids": true, "type": "domain", "uuid": "5e3190ea-fc30-49b2-889e-d77d950d210f", "value": "mol.com-ho.me" }, { "category": "Network activity", "comment": "Legitimate domain", "deleted": false, "disable_correlation": false, "object_relation": "domain", "timestamp": "1582700199", "to_ids": false, "type": "domain", "uuid": "5e3190ea-5944-41c7-8f49-d77d950d210f", "value": "mol.gov.sa" } ] }, { "comment": "Ministry of Health lure (Health_insurance_registration.doc) delivering PupyRAT", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "19", "timestamp": "1582281744", "uuid": "5e3193d9-9110-4de4-85c0-4844950d210f", "ObjectReference": [ { "comment": "", "object_uuid": "5e3193d9-9110-4de4-85c0-4844950d210f", "referenced_uuid": "83aabfa5-efd1-401e-a84d-75ab6ab670f0", "relationship_type": "analysed-with", "timestamp": "1582281781", "uuid": "5e4fb435-87a8-44ee-be84-47ad950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1580307940", "to_ids": true, "type": "md5", "uuid": "5e3193d9-3274-4039-a156-4844950d210f", 
"value": "1b5e33e5a244d2d67d7a09c4ccf16e56" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1580307946", "to_ids": true, "type": "sha256", "uuid": "5e3195ea-0514-4401-bdd1-f1bd950d210f", "value": "66d24a529308d8ab7b27ddd43a6c2db84107b831257efb664044ec4437f9487b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1580307953", "to_ids": true, "type": "sha1", "uuid": "5e3195f1-0a2c-4fdc-ae3b-f1bd950d210f", "value": "934c51ff1ea00af2cb3b8465f0a3effcf759d866" } ] }, { "comment": "PupyRAT (pupyx86.dll) ", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "19", "timestamp": "1582281745", "uuid": "5e319643-2f90-4bf1-89f5-7f0b950d210f", "ObjectReference": [ { "comment": "", "object_uuid": "5e319643-2f90-4bf1-89f5-7f0b950d210f", "referenced_uuid": "e5e73bc0-efa0-484e-8086-0f3137f470e3", "relationship_type": "analysed-with", "timestamp": "1582281781", "uuid": "5e4fb435-7134-495c-86d1-48c9950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1580308035", "to_ids": true, "type": "md5", "uuid": "5e319643-9e1c-4e62-9e51-7f0b950d210f", "value": "97cb7dc1395918c2f3018c109ab4ea5b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1580308040", "to_ids": true, "type": "filename", "uuid": "5e319648-0760-46c7-8fe5-7f0b950d210f", "value": "pupyx86.dll" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1580308046", "to_ids": true, "type": "sha256", "uuid": 
"5e31964e-11c4-45ad-9f8e-7f0b950d210f", "value": "8d89f53b0a6558d6bb9cdbc9f218ef699f3c87dd06bc03dd042290dedc18cb71" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1580308052", "to_ids": true, "type": "sha1", "uuid": "5e319654-88e0-452c-a212-7f0b950d210f", "value": "3215021976b933ff76ce3436e828286e124e2527" } ] }, { "comment": "Password-themed lure (Password_Policy.xlsm) delivering PupyRAT", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "19", "timestamp": "1582281745", "uuid": "5e31969e-8ca8-462e-b114-7f1d950d210f", "ObjectReference": [ { "comment": "", "object_uuid": "5e31969e-8ca8-462e-b114-7f1d950d210f", "referenced_uuid": "87cbd279-31f6-474e-92b7-6f1ca9c322c8", "relationship_type": "analysed-with", "timestamp": "1582281781", "uuid": "5e4fb435-9e64-4abc-bfa3-47cb950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1580308127", "to_ids": true, "type": "md5", "uuid": "5e31969f-ad9c-4559-aacc-7f1d950d210f", "value": "03ea9457bf71d51d8109e737158be888" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1580308129", "to_ids": true, "type": "filename", "uuid": "5e3196a1-b288-42bc-9736-7f1d950d210f", "value": "Password_Policy.xlsm" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1580308135", "to_ids": true, "type": "sha256", "uuid": "5e3196a7-e080-40c1-b384-7f1d950d210f", "value": "6c195ea18c05bbf091f09873ed9cd533ec7c8de7a831b85690e48290b579634b" }, { "category": "Payload delivery", "comment": "", "deleted": false, 
"disable_correlation": false, "object_relation": "sha1", "timestamp": "1580308141", "to_ids": true, "type": "sha1", "uuid": "5e3196ad-cd84-477f-9fa2-7f1d950d210f", "value": "d20168c523058c7a82f6d79ef63ea546c794e57b" } ] }, { "comment": "Job-themed Word document lure (qhtma) delivering PupyRAT", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "19", "timestamp": "1582281745", "uuid": "5e3196dc-2b94-4648-97b0-d77c950d210f", "ObjectReference": [ { "comment": "", "object_uuid": "5e3196dc-2b94-4648-97b0-d77c950d210f", "referenced_uuid": "959f1fb7-4ad0-4407-82e1-0aa582296285", "relationship_type": "analysed-with", "timestamp": "1582281781", "uuid": "5e4fb435-994c-4636-a70b-44d0950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1580308188", "to_ids": true, "type": "md5", "uuid": "5e3196dc-6c14-4b40-a522-d77c950d210f", "value": "43fad2d62bc23ffdc6d301571135222c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1580308191", "to_ids": true, "type": "sha256", "uuid": "5e3196df-53e4-46e6-8a69-d77c950d210f", "value": "e5b643cb6ec30d0d0b458e3f2800609f260a5f15c4ac66faf4ebf384f7976df6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1580308197", "to_ids": true, "type": "sha1", "uuid": "5e3196e5-a51c-40f7-af2a-d77c950d210f", "value": "735f5d7ef0c5129f0574bec3cf3d6b06b052744a" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1582281745", "uuid": 
"e5e73bc0-efa0-484e-8086-0f3137f470e3", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1580308046", "to_ids": false, "type": "datetime", "uuid": "4efc3fca-4e47-41d4-9c53-6855fa268695", "value": "2019-10-06T12:32:49+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1580308046", "to_ids": false, "type": "link", "uuid": "1c2fbc9e-ec53-4563-a2fa-cbc5382a3f1e", "value": "https://www.virustotal.com/file/8d89f53b0a6558d6bb9cdbc9f218ef699f3c87dd06bc03dd042290dedc18cb71/analysis/1570365169/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1580308046", "to_ids": false, "type": "text", "uuid": "2c9d6d4a-d21b-483d-8e06-5a477d379ecd", "value": "48/68" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1582281768", "uuid": "83aabfa5-efd1-401e-a84d-75ab6ab670f0", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1580307946", "to_ids": false, "type": "datetime", "uuid": "bb7e0f82-e140-4983-81f3-1f50292b574a", "value": "2020-01-27T06:52:25+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1580307946", "to_ids": false, "type": "link", "uuid": "8c5c9af9-34a4-4495-b646-c40794eec2e9", "value": "https://www.virustotal.com/file/66d24a529308d8ab7b27ddd43a6c2db84107b831257efb664044ec4437f9487b/analysis/1580107945/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": 
true, "object_relation": "detection-ratio", "timestamp": "1580307946", "to_ids": false, "type": "text", "uuid": "920edadd-fc71-4b17-8faa-66e75327811d", "value": "42/61" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1582281781", "uuid": "87cbd279-31f6-474e-92b7-6f1ca9c322c8", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1580308135", "to_ids": false, "type": "datetime", "uuid": "20e4a0ed-3bd1-4690-a439-eada2cb6a90a", "value": "2020-01-16T14:24:18+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1580308135", "to_ids": false, "type": "link", "uuid": "8eb1988e-1d7e-4c00-8988-fbccd32e52ef", "value": "https://www.virustotal.com/file/6c195ea18c05bbf091f09873ed9cd533ec7c8de7a831b85690e48290b579634b/analysis/1579184658/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1580308135", "to_ids": false, "type": "text", "uuid": "3f0c1ac0-fb20-4ecd-922a-cf23a82fd177", "value": "40/60" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1582281781", "uuid": "959f1fb7-4ad0-4407-82e1-0aa582296285", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1580308191", "to_ids": false, "type": "datetime", "uuid": "53ff6fff-365d-4afa-94dd-bac37560dba3", "value": "2020-01-15T20:35:20+00:00" }, { "category": "Payload delivery", 
"comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1580308191", "to_ids": false, "type": "link", "uuid": "8148d76e-ac8e-4380-b1bb-0d233f81375c", "value": "https://www.virustotal.com/file/e5b643cb6ec30d0d0b458e3f2800609f260a5f15c4ac66faf4ebf384f7976df6/analysis/1579120520/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1580308191", "to_ids": false, "type": "text", "uuid": "4eb9669c-778b-42fc-a507-99bbd567195d", "value": "42/59" } ] } ] } }