{ "Event": { "analysis": "1", "date": "2019-08-27", "extends_uuid": "", "info": "OSINT - Mirai - Loligang bot", "publish_timestamp": "1566914231", "published": true, "threat_level_id": "3", "timestamp": "1566913593", "uuid": "5d6532ef-05a0-4a1b-a2ee-4c86950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#004646", "name": "type:OSINT" }, { "colour": "#0071c3", "name": "osint:lifetime=\"perpetual\"" }, { "colour": "#0087e8", "name": "osint:certainty=\"50\"" }, { "colour": "#ffffff", "name": "tlp:white" }, { "colour": "#0088cc", "name": "misp-galaxy:botnet=\"Mirai\"" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913384", "to_ids": true, "type": "sha256", "uuid": "5d653369-2484-4ccc-a411-4d15950d210f", "value": "93130f4edabb095aaa584dd76c03fcec701e7bf7e9772c1ccfb140f049d6cfff" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "sha256", "uuid": "5d653369-4d30-4ed7-9f4d-443c950d210f", "value": "fc231bb098cf67c9c56df59ba43e128388cc04e76b72b2d2ee5f1e02a6537699" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "sha256", "uuid": "5d653369-2f5c-4fda-b306-4cba950d210f", "value": "feb98eb9497c1101953d4b24782e8e90b86a9d35a880c1e644c7241ae2fae53c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "sha256", "uuid": "5d653369-1b00-48fe-b664-45a8950d210f", "value": "84cb76cd07b62e144c9acb27f1fc2773fd4a9ff19318389ab5ad8b72063673fe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "sha256", "uuid": "5d653369-842c-4de7-853c-46b9950d210f", "value": "b41756ea36db32de5aef58544c8beffb2e8def785bf80575878e4a9b4a0a6e87" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "sha256", "uuid": "5d653369-d99c-4174-86ce-4133950d210f", "value": "cda6038014ccf05520911decefb880ad439a780904f6fe8b8d85ae35a6660fba" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "sha256", "uuid": "5d653369-89e0-4dc7-8017-42bf950d210f", "value": "53a52a566fea292a64f8d10d860c1fca4398498aadb6a69ba815c4c801fd4582" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "sha256", "uuid": "5d653369-cb98-4f5c-a3f6-4442950d210f", "value": "2439ffb7966e7d4521ff55f1c7df438a1d51cc21693edf82e46ff39dde2ef7d7" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "sha256", "uuid": "5d653369-7af0-4175-98a3-4910950d210f", "value": "e1f10b070c575eae46cc89ae9638d58c348d754e24beacb0d1b0a2e613335c60" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "sha256", "uuid": "5d653369-fe40-4c9a-afa6-42ee950d210f", "value": "b9959bd676bca236593e08baaedca1b1195cc998195bd7059c039bb5506386d6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "sha256", "uuid": "5d653369-3ff0-4e98-8d91-4893950d210f", "value": "7ed5022a3f047ff69b0e0bfa10a248c8752cd9a514d9a0163634e1eb1dc85c3d" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "url", "uuid": "5d653369-444c-42f6-bdb6-47bd950d210f", "value": "ftp://165.22.153.245/loligang.mpsl" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "url", "uuid": "5d653369-d6dc-44e8-8212-419b950d210f", "value": "ftp://165.22.153.245/loligang.arm7" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "url", "uuid": "5d653369-33a4-4992-9f35-4fc0950d210f", "value": "ftp://165.22.153.245/loligang.arm6" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "url", "uuid": "5d653369-3ea4-4507-95b5-4053950d210f", "value": "ftp://165.22.153.245/loligang.arm5" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "url", "uuid": "5d653369-8374-4c32-92ed-4778950d210f", "value": "ftp://165.22.153.245/loligang.spc" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "url", "uuid": "5d653369-6444-4580-abb1-45eb950d210f", "value": "ftp://165.22.153.245/loligang.arm" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "url", "uuid": "5d653369-8e44-449f-8c7d-41d6950d210f", "value": "ftp://165.22.153.245/loligang.m68k" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "url", "uuid": "5d653369-e2dc-4499-93af-48a9950d210f", "value": "ftp://165.22.153.245/loligang.mips" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "url", "uuid": "5d653369-673c-484f-8131-47fd950d210f", "value": "ftp://165.22.153.245/loligang.ppc" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "url", "uuid": "5d653369-d878-4c31-95fd-4887950d210f", "value": "ftp://165.22.153.245/loligang.x86" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "url", "uuid": "5d653369-2754-4c2f-8ce3-409f950d210f", "value": "ftp://165.22.153.245/loligang.sh4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "md5", "uuid": "5d653369-e660-4365-8bef-4ff8950d210f", "value": "4d6b2efa2bba2bb86c26aa827f0cc531" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "md5", "uuid": "5d653369-ae30-4d8e-82af-489d950d210f", "value": "9e00aa8e675a88db881b1d4909745d2f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "md5", "uuid": "5d653369-3848-4ffa-a320-4c6b950d210f", "value": "657bcdd6be43d48b3a664ae7f8b047a6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "md5", "uuid": "5d653369-4258-4ae6-807b-40bf950d210f", "value": "ae006853961580175c88b1b91c126620" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "md5", "uuid": "5d653369-dc38-429c-9d34-489e950d210f", "value": "7d2dcfdad728c946d2d97405c618f2c9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "md5", "uuid": "5d653369-07b8-4229-bfaf-417e950d210f", "value": "a8672298a8b6ce167d8bebff1252bc6a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "md5", "uuid": "5d653369-ecc4-4624-a9e8-4b52950d210f", "value": "9b66bc34acbf90fa299109dbf2195194" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "md5", "uuid": "5d653369-979c-467f-8941-46d1950d210f", "value": "001c1a6c30eb5a93d0b8dbddeb873b32" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "md5", "uuid": "5d653369-e0a8-4747-ac7a-4a03950d210f", "value": "2afaf4d7344b34d0ba11d61ec6978dcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "md5", "uuid": "5d653369-0e5c-4b87-a090-4a72950d210f", "value": "0420409b6b89b1eb141192902d7b7704" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "md5", "uuid": "5d653369-bdc0-4c2b-adbd-452c950d210f", "value": "8b04de9e996f11bf1e047760cd758ebb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "sha1", "uuid": "5d653369-26dc-4b39-988d-4dc3950d210f", "value": "ab4b298e59b01cc0a37edd7fa9be7dadb08e35a8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "sha1", "uuid": "5d653369-0f7c-43ef-acc9-42a5950d210f", "value": "3b2d1af776ea516411099c20bf02dfa095002dc0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "sha1", "uuid": "5d653369-a990-4bd8-bc6a-407e950d210f", "value": "6922753a6c844350e4b2440bc70eb27ef91cdc7c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "sha1", "uuid": "5d653369-6a58-4df5-a91c-4d1d950d210f", "value": "b6ab78139561b22c909266e1b906b882255cf4d1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "sha1", "uuid": "5d653369-5550-4e1b-9154-4750950d210f", "value": "3302347dbff47ad6271c8e402f2bce18a0df1983" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "sha1", "uuid": "5d653369-3340-4137-9cf2-4f77950d210f", "value": "4c06370189b9154b44a6a975a05a0a3bbb6c5382" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "sha1", "uuid": "5d653369-5fc8-4684-a863-420a950d210f", "value": "3252d21dc0cb2817673f92d1b00e13f6f9542b1e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "sha1", "uuid": "5d653369-6a40-4817-9779-489c950d210f", "value": "1893faeab933826ac3a85bab919a9ba0b734d2f1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "sha1", "uuid": "5d653369-bf78-4d93-8474-4f5c950d210f", "value": "488734ad3fa96f647ac1f23fb97649c36b1b87a0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "sha1", "uuid": "5d653369-26c4-43a8-a291-4f8e950d210f", "value": "6835affc0e893edb626b609198ceb4ba457acdc4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "sha1", "uuid": "5d653369-4310-4699-8e3d-4b4e950d210f", "value": "567caadc5b269770a5c401869a18471dfa344d44" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913385", "to_ids": true, "type": "ip-dst", "uuid": "5d653369-4a44-4eb2-89f6-4683950d210f", "value": "165.22.153.245" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1566913404", "to_ids": false, "type": "link", "uuid": "5d65337c-f0f4-4c18-9c06-4235950d210f", "value": "https://otx.alienvault.com/pulse/5d652c579d3ca47ab1d8aff4" } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1566913527", "uuid": "0817c131-b50c-45a1-a1a3-a3072f5e21c6", "ObjectReference": [ { "comment": "", "object_uuid": "0817c131-b50c-45a1-a1a3-a3072f5e21c6", "referenced_uuid": "f0889f07-a335-4483-b790-bbd8384cd71c", "relationship_type": "analysed-with", "timestamp": "1566913529", "uuid": "5d6533f9-dd08-4fad-91f9-43dc950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1566913385", "to_ids": true, "type": "md5", "uuid": "5a5e9f88-3aa0-4ff3-af24-753502a35def", "value": "657bcdd6be43d48b3a664ae7f8b047a6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1566913385", "to_ids": true, "type": "sha1", "uuid": "e3d8465e-7889-4282-83bb-1449799d0a28", "value": "b6ab78139561b22c909266e1b906b882255cf4d1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1566913385", "to_ids": true, "type": "sha256", "uuid": "bbe9b907-e971-4948-a762-a4a749f130e4", "value": "b41756ea36db32de5aef58544c8beffb2e8def785bf80575878e4a9b4a0a6e87" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1566913527", "uuid": "f0889f07-a335-4483-b790-bbd8384cd71c", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1566913385", "to_ids": false, "type": "datetime", "uuid": "c0b4c7ef-9a55-45e1-af49-078072c675e8", "value": "2019-08-27T13:10:59" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1566913385", "to_ids": false, "type": "link", "uuid": "b9451c41-a02e-4843-be13-99d1d18c757f", "value": "https://www.virustotal.com/file/b41756ea36db32de5aef58544c8beffb2e8def785bf80575878e4a9b4a0a6e87/analysis/1566911459/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1566913385", "to_ids": false, "type": "text", "uuid": "9f7c1fab-cf70-4703-ac64-9c0ef70a5790", "value": "21/57" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1566913527", "uuid": "b16a7b3b-2836-4d8f-9b96-53ca98c1d7f0", "ObjectReference": [ { "comment": "", "object_uuid": "b16a7b3b-2836-4d8f-9b96-53ca98c1d7f0", "referenced_uuid": "6cb3e0a7-3216-4eb8-98c6-06e79a5f2995", "relationship_type": "analysed-with", "timestamp": "1566913529", "uuid": "5d6533f9-c528-4c19-96c5-4649950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1566913385", "to_ids": true, "type": "md5", "uuid": "0d95d4d6-7bf4-445c-a356-24f62925cf89", "value": "9b66bc34acbf90fa299109dbf2195194" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1566913385", "to_ids": true, "type": "sha1", "uuid": "cb793a7b-dbbb-4cae-beac-705a3e67aaee", "value": "3252d21dc0cb2817673f92d1b00e13f6f9542b1e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1566913385", "to_ids": true, "type": "sha256", "uuid": "c321d9e5-7eaf-4eb3-9061-3355c3d7864a", "value": "84cb76cd07b62e144c9acb27f1fc2773fd4a9ff19318389ab5ad8b72063673fe" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1566913528", "uuid": "6cb3e0a7-3216-4eb8-98c6-06e79a5f2995", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1566913385", "to_ids": false, "type": "datetime", "uuid": "e884b15b-2e8e-449d-9a40-4bb70c26f386", "value": "2019-08-27T13:10:57" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1566913385", "to_ids": false, "type": "link", "uuid": "a28a7598-8070-4145-bb6f-110a3b2268b2", "value": "https://www.virustotal.com/file/84cb76cd07b62e144c9acb27f1fc2773fd4a9ff19318389ab5ad8b72063673fe/analysis/1566911457/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1566913385", "to_ids": false, "type": "text", "uuid": "bd3af045-5bcd-488d-b08b-62c08cad8201", "value": "24/57" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1566913528", "uuid": "79e1f030-379c-4127-aa04-b3603f1a3824", "ObjectReference": [ { "comment": "", "object_uuid": "79e1f030-379c-4127-aa04-b3603f1a3824", "referenced_uuid": "254ac2d2-ddbf-46d3-b400-3636b8595f92", "relationship_type": "analysed-with", "timestamp": "1566913529", "uuid": "5d6533f9-9a8c-4ca5-bd38-413b950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1566913385", "to_ids": true, "type": "md5", "uuid": "85e00401-d240-4c72-979b-e22ce1bf32f7", "value": "001c1a6c30eb5a93d0b8dbddeb873b32" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1566913385", "to_ids": true, "type": "sha1", "uuid": "b1bdfd6a-0fbc-4150-b057-5c031b2e681b", "value": "6835affc0e893edb626b609198ceb4ba457acdc4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1566913385", "to_ids": true, "type": "sha256", "uuid": "ddb9a38e-279b-47c9-89a4-337ed8d6c7be", "value": "feb98eb9497c1101953d4b24782e8e90b86a9d35a880c1e644c7241ae2fae53c" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1566913528", "uuid": "254ac2d2-ddbf-46d3-b400-3636b8595f92", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1566913385", "to_ids": false, "type": "datetime", "uuid": "44eca0fc-84c9-4341-b7cd-bc060f188eb9", "value": "2019-08-26T13:58:32" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1566913385", "to_ids": false, "type": "link", "uuid": "0b7e65b1-e6b0-4103-9bbb-ad81cb091c89", "value": "https://www.virustotal.com/file/feb98eb9497c1101953d4b24782e8e90b86a9d35a880c1e644c7241ae2fae53c/analysis/1566827912/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1566913385", "to_ids": false, "type": "text", "uuid": "fe764259-0dbe-4934-b8a0-8e1a279399f0", "value": "24/55" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1566913528", "uuid": "23c7e1ee-00f6-45ae-a4a9-f08888078fc2", "ObjectReference": [ { "comment": "", "object_uuid": "23c7e1ee-00f6-45ae-a4a9-f08888078fc2", "referenced_uuid": "af3d2aae-9c33-4cac-8b18-5338ae1450c2", "relationship_type": "analysed-with", "timestamp": "1566913529", "uuid": "5d6533f9-ea70-46fd-9597-4bf8950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1566913385", "to_ids": true, "type": "md5", "uuid": "9a15cd0c-e3fe-426d-9e8e-d92d5d28c24e", "value": "0420409b6b89b1eb141192902d7b7704" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1566913385", "to_ids": true, "type": "sha1", "uuid": "37b7bd2a-cd0b-4acb-b670-5dccb1a8ed82", "value": "488734ad3fa96f647ac1f23fb97649c36b1b87a0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1566913385", "to_ids": true, "type": "sha256", "uuid": "81279429-75a8-4a94-8500-2203df37d767", "value": "cda6038014ccf05520911decefb880ad439a780904f6fe8b8d85ae35a6660fba" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1566913528", "uuid": "af3d2aae-9c33-4cac-8b18-5338ae1450c2", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1566913385", "to_ids": false, "type": "datetime", "uuid": "787556d0-4b2f-44e7-aaf9-3075ea47e7da", "value": "2019-08-26T13:58:32" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1566913385", "to_ids": false, "type": "link", "uuid": "76d8279d-e5fe-49c9-a228-e13b2a44dd05", "value": "https://www.virustotal.com/file/cda6038014ccf05520911decefb880ad439a780904f6fe8b8d85ae35a6660fba/analysis/1566827912/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1566913385", "to_ids": false, "type": "text", "uuid": "c0066020-5fc6-4e58-bf3c-77f210d7c98b", "value": "24/55" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1566913528", "uuid": "e04e0d05-85fc-44a7-87f7-32746aada35a", "ObjectReference": [ { "comment": "", "object_uuid": "e04e0d05-85fc-44a7-87f7-32746aada35a", "referenced_uuid": "a9480e09-5437-40db-94c9-5dfbe5bc98c9", "relationship_type": "analysed-with", "timestamp": "1566913530", "uuid": "5d6533fa-0c8c-46ab-904b-4564950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1566913385", "to_ids": true, "type": "md5", "uuid": "a85692b6-83c8-4ec3-abf1-ef3a74b4201c", "value": "2afaf4d7344b34d0ba11d61ec6978dcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1566913385", "to_ids": true, "type": "sha1", "uuid": "b81dac9f-2936-4e2c-b060-41372cbaafd3", "value": "1893faeab933826ac3a85bab919a9ba0b734d2f1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1566913385", "to_ids": true, "type": "sha256", "uuid": "52dd53c5-14bf-404f-a397-c92474bce253", "value": "53a52a566fea292a64f8d10d860c1fca4398498aadb6a69ba815c4c801fd4582" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1566913528", "uuid": "a9480e09-5437-40db-94c9-5dfbe5bc98c9", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1566913385", "to_ids": false, "type": "datetime", "uuid": "7e6cef86-122e-47ce-bfb5-c96dcd8be92c", "value": "2019-08-27T13:10:57" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1566913385", "to_ids": false, "type": "link", "uuid": "ffb82c5b-f099-4a08-8a75-e90a5c087550", "value": "https://www.virustotal.com/file/53a52a566fea292a64f8d10d860c1fca4398498aadb6a69ba815c4c801fd4582/analysis/1566911457/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1566913385", "to_ids": false, "type": "text", "uuid": "458d1e5e-abfe-48db-a852-e8f566228319", "value": "34/57" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1566913529", "uuid": "4022a205-9ae8-4e3e-b1f0-5e8e3cbe33f3", "ObjectReference": [ { "comment": "", "object_uuid": "4022a205-9ae8-4e3e-b1f0-5e8e3cbe33f3", "referenced_uuid": "1c5d190e-a3c9-44e2-9225-7204e2439319", "relationship_type": "analysed-with", "timestamp": "1566913530", "uuid": "5d6533fa-070c-4a9e-97de-49a2950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1566913385", "to_ids": true, "type": "md5", "uuid": "e1b728ec-5c2f-47c5-b45e-e3971a7d1769", "value": "7d2dcfdad728c946d2d97405c618f2c9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1566913385", "to_ids": true, "type": "sha1", "uuid": "74339533-ac15-46ed-bd65-c30300dc7dc7", "value": "6922753a6c844350e4b2440bc70eb27ef91cdc7c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1566913385", "to_ids": true, "type": "sha256", "uuid": "29065d54-d7cc-4a2d-90be-e00d1f975b8a", "value": "b9959bd676bca236593e08baaedca1b1195cc998195bd7059c039bb5506386d6" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1566913529", "uuid": "1c5d190e-a3c9-44e2-9225-7204e2439319", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1566913385", "to_ids": false, "type": "datetime", "uuid": "35a02550-3a30-4aff-ade1-e029f71962de", "value": "2019-08-27T09:30:02" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1566913385", "to_ids": false, "type": "link", "uuid": "93016d9b-6885-4799-b4f4-3232438c2995", "value": "https://www.virustotal.com/file/b9959bd676bca236593e08baaedca1b1195cc998195bd7059c039bb5506386d6/analysis/1566898202/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1566913385", "to_ids": false, "type": "text", "uuid": "27537950-34df-48e2-96fb-5f51e4d1a0b5", "value": "28/56" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1566913529", "uuid": "70b72a57-ea6e-46e7-83ad-31298af63206", "ObjectReference": [ { "comment": "", "object_uuid": "70b72a57-ea6e-46e7-83ad-31298af63206", "referenced_uuid": "9fa18b29-a098-494a-8c9f-aba9ce301f9a", "relationship_type": "analysed-with", "timestamp": "1566913530", "uuid": "5d6533fa-7e90-4aea-bb7c-432c950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1566913385", "to_ids": true, "type": "md5", "uuid": "83448b6f-d619-495f-8d0c-adb36078fb3c", "value": "ae006853961580175c88b1b91c126620" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1566913385", "to_ids": true, "type": "sha1", "uuid": "221d83b2-2cbc-4dc7-8e5e-a864bce5fc08", "value": "ab4b298e59b01cc0a37edd7fa9be7dadb08e35a8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1566913385", "to_ids": true, "type": "sha256", "uuid": "a73b08f6-149f-43b5-a36c-ff90591cb86f", "value": "7ed5022a3f047ff69b0e0bfa10a248c8752cd9a514d9a0163634e1eb1dc85c3d" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1566913529", "uuid": "9fa18b29-a098-494a-8c9f-aba9ce301f9a", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1566913385", "to_ids": false, "type": "datetime", "uuid": "674ff6df-7692-41e8-85ce-2dcbc25a9013", "value": "2019-08-26T10:57:13" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1566913385", "to_ids": false, "type": "link", "uuid": "154ee7cb-c514-4b31-8b03-8512a25207a4", "value": "https://www.virustotal.com/file/7ed5022a3f047ff69b0e0bfa10a248c8752cd9a514d9a0163634e1eb1dc85c3d/analysis/1566817033/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1566913385", "to_ids": false, "type": "text", "uuid": "2c118fa2-b70f-4f30-86bf-69013711a34e", "value": "20/57" } ] } ] } }