{ "Event": { "analysis": "2", "date": "2018-01-11", "extends_uuid": "", "info": "OSINT - Mac Malware of 2017", "publish_timestamp": "1518771610", "published": true, "threat_level_id": "3", "timestamp": "1518231708", "uuid": "5a5724c6-5e20-4d61-9ccb-4191950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:tool=\"FruitFly\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:tool=\"MacDownloader\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:ransomware=\"MacRansom\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:rat=\"MacSpy\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:tool=\"Empyre\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:tool=\"Proton\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:tool=\"Mughthesec\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:tool=\"Pwnet\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:tool=\"CpuMeaner\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:ransomware=\"FileCoder\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:banker=\"Dok\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:mitre-malware=\"XAgentOSX\"", "relationship_type": "" }, { "colour": "#0c9800", "local": "0", "name": "misp-galaxy:tool=\"X-Agent\"", "relationship_type": "" }, { "colour": "#065100", "local": "0", "name": "misp-galaxy:tool=\"Turla\"", "relationship_type": "" }, { "colour": "#00223b", "local": "0", "name": "osint:source-type=\"blog-post\"", "relationship_type": "" }, { "colour": "#002b4a", "local": "0", "name": 
"osint:source-type=\"technical-report\"", "relationship_type": "" }, { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" }, { "colour": "#2c4f00", "local": "0", "name": "malware_classification:malware-category=\"Ransomware\"", "relationship_type": "" }, { "colour": "#002f76", "local": "0", "name": "ms-caro-malware-full:malware-family=\"Banker\"", "relationship_type": "" }, { "colour": "#3b7500", "local": "0", "name": "circl:incident-classification=\"malware\"", "relationship_type": "" }, { "colour": "#284800", "local": "0", "name": "malware_classification:malware-category=\"Trojan\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185582", "to_ids": false, "type": "link", "uuid": "5a5725af-c85c-4245-9e36-442b950d210f", "value": "https://objective-see.com/blog/blog_0x25.html", "Tag": [ { "colour": "#00223b", "local": "0", "name": "osint:source-type=\"blog-post\"", "relationship_type": "" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185582", "to_ids": false, "type": "comment", "uuid": "5a5726ab-e594-48e0-9f19-099b950d210f", "value": "For the second year in a row, I've decided to post a blog that comprehensively covers all the new Mac malware that appeared during the course of the year. While the specimens may have been briefly reported on before (i.e. by the AV company that discovered them), this blog aims to cumulatively cover all new Mac malware of 2017 - in one place. 
For each, we'll dive into various technical details such as identifying the malware's infection vector, persistence mechanism, features & goals, and describe how to clean an infected system.", "Tag": [ { "colour": "#00223b", "local": "0", "name": "osint:source-type=\"blog-post\"", "relationship_type": "" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185582", "to_ids": false, "type": "link", "uuid": "5a58693b-6748-42fb-8b4e-4507950d210f", "value": "https://www.virusbulletin.com/uploads/pdf/magazine/2017/VB2017-Wardle.pdf", "Tag": [ { "colour": "#002b4a", "local": "0", "name": "osint:source-type=\"technical-report\"", "relationship_type": "" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185582", "to_ids": false, "type": "link", "uuid": "5a58693c-6350-40a4-9cf2-4b13950d210f", "value": "https://www.cybersixgill.com/wp-content/uploads/2017/02/02072017%20-%20Proton%20-%20A%20New%20MAC%20OS%20RAT%20-%20Sixgill%20Threat%20Report.pdf", "Tag": [ { "colour": "#002b4a", "local": "0", "name": "osint:source-type=\"technical-report\"", "relationship_type": "" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185583", "to_ids": false, "type": "link", "uuid": "5a586a6e-9420-44eb-9341-420d950d210f", "value": "https://blog.malwarebytes.com/threat-analysis/2017/01/new-mac-backdoor-using-antiquated-code/" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185583", "to_ids": false, "type": "link", "uuid": "5a586a6f-c7e0-4330-a459-4a3f950d210f", "value": "https://objective-see.com/blog/blog_0x17.html" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185584", "to_ids": false, "type": "link", "uuid": 
"5a586a6f-7aa0-4a57-bad2-4a74950d210f", "value": "https://blog.malwarebytes.com/threat-analysis/mac-threat-analysis/2017/11/osx-proton-spreading-through-fake-symantec-blog/" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185584", "to_ids": false, "type": "link", "uuid": "5a586a6f-b1f0-4118-a840-4916950d210f", "value": "https://iranthreats.github.io/resources/macdownloader-macos-malware/" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185584", "to_ids": false, "type": "link", "uuid": "5a586a6f-bdc0-4812-a215-4367950d210f", "value": "https://www.welivesecurity.com/2017/10/20/osx-proton-supply-chain-attack-elmedia/", "Tag": [ { "colour": "#00223b", "local": "0", "name": "osint:source-type=\"blog-post\"", "relationship_type": "" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185585", "to_ids": false, "type": "link", "uuid": "5a586a6f-5334-4881-9275-4493950d210f", "value": "https://objective-see.com/blog/blog_0x1F.html", "Tag": [ { "colour": "#00223b", "local": "0", "name": "osint:source-type=\"blog-post\"", "relationship_type": "" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185585", "to_ids": false, "type": "link", "uuid": "5a586a6f-8e08-456a-95b3-44ca950d210f", "value": "https://researchcenter.paloaltonetworks.com/2017/02/unit42-xagentosx-sofacys-xagent-macos-tool/", "Tag": [ { "colour": "#00223b", "local": "0", "name": "osint:source-type=\"blog-post\"", "relationship_type": "" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185586", "to_ids": false, "type": "link", "uuid": "5a586a6f-387c-4485-90b5-420b950d210f", "value": "https://www.welivesecurity.com/2017/02/22/new-crypto-ransomware-hits-macos/", 
"Tag": [ { "colour": "#00223b", "local": "0", "name": "osint:source-type=\"blog-post\"", "relationship_type": "" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185586", "to_ids": false, "type": "link", "uuid": "5a586a6f-6ee0-4bb2-9ea3-41e5950d210f", "value": "https://blog.checkpoint.com/2017/04/27/osx-malware-catching-wants-read-https-traffic/", "Tag": [ { "colour": "#00223b", "local": "0", "name": "osint:source-type=\"blog-post\"", "relationship_type": "" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185586", "to_ids": false, "type": "link", "uuid": "5a586a6f-1b60-43b2-88a3-4966950d210f", "value": "https://blog.malwarebytes.com/threat-analysis/2017/04/new-osx-dok-malware-intercepts-web-traffic/", "Tag": [ { "colour": "#00223b", "local": "0", "name": "osint:source-type=\"blog-post\"", "relationship_type": "" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185587", "to_ids": false, "type": "link", "uuid": "5a586a6f-8dac-4932-9d31-40e3950d210f", "value": "https://objective-see.com/blog/blog_0x18.html", "Tag": [ { "colour": "#00223b", "local": "0", "name": "osint:source-type=\"blog-post\"", "relationship_type": "" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185587", "to_ids": false, "type": "link", "uuid": "5a586a6f-3130-4211-9d3e-47e1950d210f", "value": "https://blog.malwarebytes.com/threat-analysis/2017/05/snake-malware-ported-windows-mac/", "Tag": [ { "colour": "#00223b", "local": "0", "name": "osint:source-type=\"blog-post\"", "relationship_type": "" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185588", "to_ids": false, "type": "link", "uuid": "5a586a6f-d9c8-45d5-9a8d-4246950d210f", 
"value": "https://blog.fox-it.com/2017/05/03/snake-coming-soon-in-mac-os-x-flavour/", "Tag": [ { "colour": "#00223b", "local": "0", "name": "osint:source-type=\"blog-post\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "command and control (C&C) servers", "deleted": false, "disable_correlation": false, "timestamp": "1518185588", "to_ids": true, "type": "ip-dst", "uuid": "5a586d3d-d860-4ac4-83d1-4457950d210f", "value": "99.153.29.240" }, { "category": "Network activity", "comment": "command and control (C&C) servers", "deleted": false, "disable_correlation": false, "timestamp": "1518185588", "to_ids": true, "type": "hostname", "uuid": "5a586d3d-d274-479d-83c9-4b8f950d210f", "value": "eidk.hopto.org" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1515745492", "to_ids": true, "type": "sha256", "uuid": "5a5870d4-b0a0-42b8-85d7-45c3950d210f", "value": "94cc470c0fdd60570e58682aa7619d665eb710e3407d1f9685b7b00bf26f9647" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1515745492", "to_ids": true, "type": "sha256", "uuid": "5a5870d4-673c-4b17-a384-46df950d210f", "value": "694b15d69264062e82d43e8ddb4a5efe4435574f8d91e29523c4298894b70c26" }, { "category": "Payload delivery", "comment": "OSX/FruitFly, variant \u2018B\u2019", "deleted": false, "disable_correlation": false, "timestamp": "1515745704", "to_ids": true, "type": "sha256", "uuid": "5a5871a8-b690-4501-9bb8-43cf950d210f", "value": "befa9bfe488244c64db096522b4fad73fc01ea8c4cd0323f1cbdee81ba008271" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185589", "to_ids": true, "type": "ip-dst", "uuid": "5a5874a6-93e4-40c1-bcad-405b950d210f", "value": "67.188.230.50" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, 
"timestamp": "1518185589", "to_ids": true, "type": "filename", "uuid": "5a5874a6-5d4c-46e9-a090-4ec9950d210f", "value": "gro.otpoh.kdie" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185590", "to_ids": true, "type": "filename", "uuid": "5a5874a6-0fbc-4bcd-b43b-4a09950d210f", "value": "gro.sndkcud.kdie" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185590", "to_ids": true, "type": "hostname", "uuid": "5a5874a6-8290-4544-9472-4222950d210f", "value": "eidk.duckdns.org" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185591", "to_ids": true, "type": "filename", "uuid": "5a587b98-1324-48ec-bc3e-4949950d210f", "value": "checkadr.txt" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185591", "to_ids": true, "type": "url", "uuid": "5a587b98-616c-412d-9933-4c69950d210f", "value": "http://46.17.97.37/Servermac.php" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185591", "to_ids": true, "type": "filename", "uuid": "5a587b98-265c-4f10-91f4-4f9e950d210f", "value": "eula-help.txt" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185592", "to_ids": true, "type": "url", "uuid": "5a587b98-3eec-4e65-b45e-4364950d210f", "value": "http://192.168.3.217/DroperTest" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185592", "to_ids": true, "type": "filename", "uuid": "5a587b98-8cdc-4b4c-9072-4f66950d210f", "value": "appId.txt" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185592", "to_ids": true, "type": "ip-dst", "uuid": 
"5a587d0d-e7cc-4f45-8596-4575950d210f", "value": "46.17.97.37" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185593", "to_ids": true, "type": "domain", "uuid": "5a587d0d-7858-424b-aa19-4dc1950d210f", "value": "officialswebsites.info" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185593", "to_ids": true, "type": "hostname", "uuid": "5a587d0d-abc0-4374-9497-4376950d210f", "value": "utc.officialswebsites.info" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185594", "to_ids": true, "type": "url", "uuid": "5a587f73-26fc-49f3-bb30-4c1a950d210f", "value": "https://www.securitychecking.org:443/index.asp" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1515751831", "to_ids": true, "type": "sha256", "uuid": "5a588997-15ac-4228-967b-4a1c950d210f", "value": "128814f2b057aef1dd3e00f3749aed2a81e5ed03737311f2b1faab4ab2e6e2fe" }, { "category": "Network activity", "comment": "command and control server", "deleted": false, "disable_correlation": false, "timestamp": "1518185594", "to_ids": true, "type": "domain", "uuid": "5a588b7d-77b4-43bb-a98f-4df2950d210f", "value": "handbrake.biz" }, { "category": "Network activity", "comment": "command and control server", "deleted": false, "disable_correlation": false, "timestamp": "1518185594", "to_ids": true, "type": "domain", "uuid": "5a588b7d-78e4-451b-997f-45ee950d210f", "value": "handbrakestore.com" }, { "category": "Network activity", "comment": "command and control server", "deleted": false, "disable_correlation": false, "timestamp": "1518185595", "to_ids": true, "type": "domain", "uuid": "5a588b7d-1500-4e04-b20a-41e7950d210f", "value": "handbrake.cc" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, 
"timestamp": "1518185595", "to_ids": true, "type": "url", "uuid": "5a588c8c-c138-4cc7-84b9-421a950d210f", "value": "http://23.227.196.215/" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1518185596", "to_ids": true, "type": "url", "uuid": "5a588c8d-f950-4fc4-aa8a-4942950d210f", "value": "http://apple-iclods.org/" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1518185596", "to_ids": true, "type": "url", "uuid": "5a588c8d-2f50-4f57-bdeb-48bf950d210f", "value": "http://apple-checker.org/" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1518185596", "to_ids": true, "type": "url", "uuid": "5a588c8d-0c00-4303-b758-4d53950d210f", "value": "http://apple-uptoday.org/" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1518185597", "to_ids": true, "type": "url", "uuid": "5a588c8d-4ba8-4400-84dd-47e9950d210f", "value": "http://apple-search.info" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185597", "to_ids": true, "type": "ip-dst", "uuid": "5a588cd4-2674-48e6-ba6d-4936950d210f", "value": "23.227.196.215" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185597", "to_ids": true, "type": "domain", "uuid": "5a588cd4-296c-4c6b-b525-447d950d210f", "value": "apple-iclods.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185598", "to_ids": true, "type": "domain", "uuid": "5a588cd4-0e2c-4f16-9612-4c46950d210f", "value": "apple-checker.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185598", "to_ids": true, "type": "domain", "uuid": 
"5a588cd4-1bd4-4974-80cc-46b5950d210f", "value": "apple-uptoday.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185599", "to_ids": true, "type": "domain", "uuid": "5a588cd4-83a8-4070-85fe-4751950d210f", "value": "apple-search.info" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185599", "to_ids": true, "type": "ip-dst", "uuid": "5a588cd4-dcc0-4d12-b524-4832950d210f", "value": "23.227.196.217" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1515752681", "to_ids": true, "type": "sha256", "uuid": "5a588ce9-3f18-41de-a8f3-6247950d210f", "value": "2a854997a44f4ba7e307d408ea2d9c1d84dde035c5dab830689aa45c5b5746ea" }, { "category": "Network activity", "comment": "Proton C2 domain", "deleted": false, "disable_correlation": false, "timestamp": "1518185600", "to_ids": true, "type": "domain", "uuid": "5a588edc-55c8-4142-9d86-40aa950d210f", "value": "eltima.in" }, { "category": "Network activity", "comment": "URL distributing the trojanized application at the time of discovery.", "deleted": false, "disable_correlation": false, "timestamp": "1518185600", "to_ids": true, "type": "url", "uuid": "5a588efe-f068-422e-8209-4f30950d210f", "value": "https://mac.eltima.com/download/elmediaplayer.dmg" }, { "category": "Network activity", "comment": "URL distributing the trojanized application at the time of discovery.", "deleted": false, "disable_correlation": false, "timestamp": "1518185600", "to_ids": true, "type": "url", "uuid": "5a588efe-b770-4240-918f-40d0950d210f", "value": "http://www.elmedia-video-player.com/download/elmediaplayer.dmg" }, { "category": "Network activity", "comment": "URL distributing the trojanized application at the time of discovery.", "deleted": false, "disable_correlation": false, "timestamp": "1518185601", "to_ids": true, "type": "url", "uuid": 
"5a588efe-6e7c-49fa-88b0-4926950d210f", "value": "https://mac.eltima.com/download/downloader_mac.dmg" }, { "category": "Payload delivery", "comment": "ZIP archive with the Proton malware and Python scripts", "deleted": false, "disable_correlation": false, "timestamp": "1515753408", "to_ids": true, "type": "sha1", "uuid": "5a588fc0-2f8c-44e1-8bc0-4901950d210f", "value": "10a09c09fd5dd76202e308718a357abc7de291b5" }, { "category": "Payload delivery", "comment": "Launcher (or wrapper)", "deleted": false, "disable_correlation": false, "timestamp": "1515754046", "to_ids": true, "type": "sha1", "uuid": "5a58923e-99bc-4f6e-871e-4f47950d210f", "value": "30d77908ac9d37c4c14d32ea3e0b8df4c7e75464" }, { "category": "Payload delivery", "comment": "Proton malware, not signed", "deleted": false, "disable_correlation": false, "timestamp": "1515754107", "to_ids": true, "type": "sha1", "uuid": "5a58927b-3168-4cc8-8adb-45d5950d210f", "value": "ef5a11a1bb5b2423554309688aa7947f4afa5388" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185601", "to_ids": true, "type": "domain", "uuid": "5a5892db-aadc-434f-b8d2-4545950d210f", "value": "symantecblog.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185602", "to_ids": true, "type": "domain", "uuid": "5a58b14a-6e58-4ce3-8c6d-408b950d210f", "value": "apple-iclods.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185602", "to_ids": true, "type": "url", "uuid": "5a58b167-75d4-4ae8-b97e-49b6950d210f", "value": "http://23.227.196.215" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185602", "to_ids": true, "type": "url", "uuid": "5a58b167-8a0c-444d-b52f-4b59950d210f", "value": "http://apple-iclods.org" }, { "category": "Network activity", "comment": "", "deleted": 
false, "disable_correlation": false, "timestamp": "1518185603", "to_ids": true, "type": "url", "uuid": "5a58b167-c74c-41ef-9ae2-4f42950d210f", "value": "http://apple-checker.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185603", "to_ids": true, "type": "url", "uuid": "5a58b167-1de8-4feb-a032-477d950d210f", "value": "http://apple-uptoday.org" }, { "category": "Payload delivery", "comment": "Dok", "deleted": false, "disable_correlation": false, "timestamp": "1515765093", "to_ids": true, "type": "sha256", "uuid": "5a58bd65-4eb8-43e1-9555-4f95950d210f", "value": "3f0130cfd7bf61b8e8226dd4775319c7376a08ec019f9df12875e9ea55992e94" }, { "category": "Payload delivery", "comment": "Dok", "deleted": false, "disable_correlation": false, "timestamp": "1515765093", "to_ids": true, "type": "sha256", "uuid": "5a58bd65-ec78-4531-82ff-439a950d210f", "value": "cd93142f1e0bac1d73235515bc127f5f9634eafde0bea2d6c294bf3549d612b7" }, { "category": "Payload delivery", "comment": "Dok", "deleted": false, "disable_correlation": false, "timestamp": "1515765093", "to_ids": true, "type": "sha256", "uuid": "5a58bd65-b0bc-4851-8266-4e43950d210f", "value": "4252e482c9801463e6f684c71f70cb64a17ae74957ed8986f2401c653acae1d7" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1515765454", "to_ids": true, "type": "sha256", "uuid": "5a58bece-2560-4d95-bfdc-4996950d210f", "value": "7819ae7d72fa045baa77e9c8e063a69df439146b27f9c3bb10aef52dcc77c145" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1515765455", "to_ids": true, "type": "sha256", "uuid": "5a58becf-33ac-4d37-bbee-4aaf950d210f", "value": "4131d4737fe8dfe66d407bfd0a0df18a4a77b89347471cc012da8efc93c661a5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185604", "to_ids": true, 
"type": "filename", "uuid": "5a58bfe5-fcf4-4b2f-a229-4f94950d210f", "value": "/Library/LaunchDaemons/com.adobe.update.plist" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185604", "to_ids": true, "type": "filename", "uuid": "5a58bfe6-3008-4b03-90dc-41e0950d210f", "value": "/Library/Scripts/installd.sh" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185604", "to_ids": true, "type": "hostname", "uuid": "5a58c0fb-5c08-4a71-94fc-4dcd950d210f", "value": "car-service.effers.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185605", "to_ids": true, "type": "ip-dst", "uuid": "5a58c0fb-3e30-4946-b9e9-449c950d210f", "value": "83.229.87.11" } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "9", "timestamp": "1515745222", "uuid": "5a586fc6-e0fc-4f06-b55a-46a7950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1515745222", "to_ids": true, "type": "filename", "uuid": "5a586fc6-b6e4-4592-9da3-4168950d210f", "value": "macsvc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1515745222", "to_ids": true, "type": "sha256", "uuid": "5a586fc6-7f60-47f1-bab8-4130950d210f", "value": "b556c04c768d57af104716386fe4f23b01aa9d707cbc60385895e2b4fc08c9b0" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1515745222", "to_ids": false, "type": "text", "uuid": "5a586fc6-c494-406e-8723-4e75950d210f", "value": 
"Malicious" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "9", "timestamp": "1515745460", "uuid": "5a5870b4-5c68-4077-8cce-4138950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1515745460", "to_ids": true, "type": "filename", "uuid": "5a5870b4-53bc-433b-8954-48d8950d210f", "value": "afpscan" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1515745460", "to_ids": true, "type": "sha256", "uuid": "5a5870b4-46a4-4880-9100-4d2a950d210f", "value": "bbbf73741078d1e74ab7281189b13f13b50308cf03d3df34bc9f6a90065a4a55" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1515745460", "to_ids": false, "type": "text", "uuid": "5a5870b4-2690-4b0b-be50-4734950d210f", "value": "Malicious" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "9", "timestamp": "1515748111", "uuid": "5a587b0f-b46c-4403-be5e-423d950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1515748111", "to_ids": true, "type": "filename", "uuid": "5a587b0f-82c0-4f13-8ec7-4e5d950d210f", "value": "addone flashplayer.app.zip" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1515748310", "to_ids": true, "type": "sha256", "uuid": "5a587b0f-7b54-4973-94b3-40f8950d210f", 
"value": "52efcfe30f96a85c9c068880c20663db64f0e08346e0f3b59c2e5bbcb41ba73c" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1515748111", "to_ids": false, "type": "text", "uuid": "5a587b0f-0060-413b-b677-40b9950d210f", "value": "Malicious" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "9", "timestamp": "1515748604", "uuid": "5a587cfc-3568-4d8d-bcc1-4920950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1515748604", "to_ids": true, "type": "filename", "uuid": "5a587cfc-75d8-475f-ae78-44c1950d210f", "value": "Bitdefender Adware Removal Tool" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1515748604", "to_ids": true, "type": "sha256", "uuid": "5a587cfc-6930-4c61-97f0-472f950d210f", "value": "7a9cdb9d608b88bd7afce001cb285c2bb2ae76f5027977e8635aa04bd064ffb7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1515748604", "to_ids": false, "type": "text", "uuid": "5a587cfc-4534-4097-ac9d-416e950d210f", "value": "Malicious" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "9", "timestamp": "1515748916", "uuid": "5a587e34-dc78-4406-897c-4cff950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1515748916", "to_ids": true, "type": 
"filename", "uuid": "5a587e34-dc60-4178-952c-4bfd950d210f", "value": "U.S. Allies and Rivals Digest Trump's Victory - Carnegie Endowment for International Peace.docm" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1515748916", "to_ids": true, "type": "sha256", "uuid": "5a587e34-ee34-4bd2-a6e8-4157950d210f", "value": "07adb8253ccc6fee20940de04c1bf4a54a4455525b2ac33f9c95713a8a102f3d" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1515748916", "to_ids": false, "type": "text", "uuid": "5a587e34-fd00-4f5e-817c-433d950d210f", "value": "Malicious" } ] }, { "comment": "", "deleted": false, "description": "A domain and IP address seen as a tuple in a specific time frame.", "meta-category": "network", "name": "domain-ip", "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", "template_version": "5", "timestamp": "1515749433", "uuid": "5a588039-c95c-4895-ad28-43ff950d210f", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1515749433", "to_ids": true, "type": "ip-dst", "uuid": "5a588039-1678-47a6-910b-4763950d210f", "value": "185.22.174.37" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "domain", "timestamp": "1515749433", "to_ids": true, "type": "domain", "uuid": "5a588039-5050-4ad7-beae-497c950d210f", "value": "www.securitychecking.org" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "9", "timestamp": "1515753074", "uuid": "5a588e6f-c80c-4f1e-ab63-5fa4950d210f", "ObjectReference": [ { "comment": "", "object_uuid": 
"5a588e6f-c80c-4f1e-ab63-5fa4950d210f", "referenced_uuid": "c484d968-23eb-42f0-95b4-c646ff1c4a46", "relationship_type": "analysed-with", "timestamp": "1518771603", "uuid": "5a7dacb6-8444-4a82-9a60-7f0002de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1515753071", "to_ids": true, "type": "sha1", "uuid": "5a588e6f-f5e4-4e74-956b-5fa4950d210f", "value": "0603353852e174fc0337642e3957c7423f182a8c" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1515753071", "to_ids": false, "type": "text", "uuid": "5a588e6f-47c8-4eb1-a79b-5fa4950d210f", "value": "Harmless" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "9", "timestamp": "1515753094", "uuid": "5a588e83-b4f8-44e1-8e4c-5f67950d210f", "ObjectReference": [ { "comment": "", "object_uuid": "5a588e83-b4f8-44e1-8e4c-5f67950d210f", "referenced_uuid": "c54a631e-db6e-4cc7-856d-07a974bfc25a", "relationship_type": "analysed-with", "timestamp": "1518771603", "uuid": "5a7dacb6-edb0-4941-a6e1-7f0002de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1515753092", "to_ids": true, "type": "sha1", "uuid": "5a588e84-d19c-4f9d-8684-5f67950d210f", "value": "e9dcdae1406ab1132dc9d507fd63503e5c4d41d9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1515753092", "to_ids": false, "type": "text", "uuid": "5a588e84-9364-4216-8827-5f67950d210f", "value": "Malicious" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", 
"meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "9", "timestamp": "1515753110", "uuid": "5a588e93-5dfc-45e3-b6a4-4456950d210f", "ObjectReference": [ { "comment": "", "object_uuid": "5a588e93-5dfc-45e3-b6a4-4456950d210f", "referenced_uuid": "672456f3-351d-4587-8114-0c562fcb6082", "relationship_type": "analysed-with", "timestamp": "1518771603", "uuid": "5a7dacb7-b1a0-454e-87b1-7f0002de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1515753107", "to_ids": true, "type": "sha1", "uuid": "5a588e93-3608-4a94-b664-4c11950d210f", "value": "8cfa551d15320f0157ece3bdf30b1c62765a93a5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1515753107", "to_ids": false, "type": "text", "uuid": "5a588e93-5a18-40e8-8964-48f5950d210f", "value": "Malicious" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "9", "timestamp": "1515753127", "uuid": "5a588ea4-afa0-4611-bfb8-5f67950d210f", "ObjectReference": [ { "comment": "", "object_uuid": "5a588ea4-afa0-4611-bfb8-5f67950d210f", "referenced_uuid": "a41b07c7-d703-4a24-95e3-7d4c50770c9b", "relationship_type": "analysed-with", "timestamp": "1518771603", "uuid": "5a7dacb7-ae7c-4487-8d82-7f0002de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1515753124", "to_ids": true, "type": "sha1", "uuid": "5a588ea4-2050-4eb8-93a1-5f67950d210f", "value": "0400b35d703d872adc64aa7ef914a260903998ca" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": 
"state", "timestamp": "1515753124", "to_ids": false, "type": "text", "uuid": "5a588ea4-ac28-4cbb-a3a1-5f67950d210f", "value": "Malicious" } ] }, { "comment": "ZIP archive with the Proton malware and Python scripts", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "9", "timestamp": "1515753308", "uuid": "5a588f59-6d78-49a5-994d-47b5950d210f", "ObjectReference": [ { "comment": "", "object_uuid": "5a588f59-6d78-49a5-994d-47b5950d210f", "referenced_uuid": "77a6bb0a-b55e-4b33-ae86-c7ae2004d914", "relationship_type": "analysed-with", "timestamp": "1518771604", "uuid": "5a7dacb7-8344-487f-9540-7f0002de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1515753305", "to_ids": true, "type": "filename", "uuid": "5a588f59-a6c4-45cb-b63a-4d76950d210f", "value": "Elmedia Player.app/Contents/Resources/.pl.zip" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1515753306", "to_ids": true, "type": "sha1", "uuid": "5a588f5a-a5d4-474b-ac23-4620950d210f", "value": "9e5378165bb20e9a7f74a7fcc73b528f7b231a75" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1515753306", "to_ids": false, "type": "text", "uuid": "5a588f5a-7ca0-4e95-bbe7-4a8a950d210f", "value": "Malicious" } ] }, { "comment": "Launcher (or wrapper)", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "9", "timestamp": "1515754027", "uuid": "5a589228-91e8-4b7e-a099-4ccd950d210f", "ObjectReference": [ { "comment": "", "object_uuid": 
"5a589228-91e8-4b7e-a099-4ccd950d210f", "referenced_uuid": "cde25116-2c43-45fe-90a9-9d17cf9e4e7c", "relationship_type": "analysed-with", "timestamp": "1518771604", "uuid": "5a7dacb7-2504-4f38-87ea-7f0002de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1515754024", "to_ids": true, "type": "filename", "uuid": "5a589228-56cc-40a5-b57c-4ebd950d210f", "value": "Elmedia Player.app/Contents/MacOS/Elmedia Player" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1515754025", "to_ids": true, "type": "sha1", "uuid": "5a589229-2a54-43f5-9914-421e950d210f", "value": "c9472d791c076a10dce5ff0d3ab6e7706524b741" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1515754025", "to_ids": false, "type": "text", "uuid": "5a589229-bfdc-40d0-abaa-439c950d210f", "value": "Malicious" } ] }, { "comment": "Proton malware, not signed", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "9", "timestamp": "1515754085", "uuid": "5a589262-4dd4-4e98-8159-6247950d210f", "ObjectReference": [ { "comment": "", "object_uuid": "5a589262-4dd4-4e98-8159-6247950d210f", "referenced_uuid": "e71d92c3-fb0b-4408-95c7-c3afe71baae7", "relationship_type": "analysed-with", "timestamp": "1518771604", "uuid": "5a7dacb7-d228-429f-9a58-7f0002de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1515754082", "to_ids": true, "type": "filename", "uuid": "5a589262-e680-4ed2-b3ca-6247950d210f", "value": "Updater.app/Contents/MacOS/Updater" }, { "category": "Payload 
delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1515754083", "to_ids": true, "type": "sha1", "uuid": "5a589263-428c-4b6f-bce7-6247950d210f", "value": "3ef34e2581937babd2b7ce63ab1d92cd9440181a" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1515754083", "to_ids": false, "type": "text", "uuid": "5a589263-8808-4386-bc65-6247950d210f", "value": "Malicious" } ] }, { "comment": "ZIP of App bundle", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "9", "timestamp": "1515764445", "uuid": "5a58bada-0930-472d-8af6-4307950d210f", "ObjectReference": [ { "comment": "", "object_uuid": "5a58bada-0930-472d-8af6-4307950d210f", "referenced_uuid": "5c4cd601-a2bf-4e3e-b43c-3ee6dbee5ae0", "relationship_type": "analysed-with", "timestamp": "1518771604", "uuid": "5a7dacb7-6698-46e3-a7cb-7f0002de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1515764443", "to_ids": true, "type": "filename", "uuid": "5a58badb-2ae4-4e9f-b619-41b3950d210f", "value": "Office 2016 Patcher.zip" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1515764443", "to_ids": true, "type": "sha1", "uuid": "5a58badb-66f0-484c-8c08-4d4c950d210f", "value": "1b7380d283ceebcabb683464ba0bb6dd73d6e886" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1515764443", "to_ids": false, "type": "text", "uuid": "5a58badb-872c-4b35-81d5-46e1950d210f", "value": "Malicious" } ] }, { "comment": "ZIP of App bundle", "deleted": false, "description": "File 
object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "9", "timestamp": "1515764957", "uuid": "5a58bcda-a8f8-43a6-acb8-4fbc950d210f", "ObjectReference": [ { "comment": "", "object_uuid": "5a58bcda-a8f8-43a6-acb8-4fbc950d210f", "referenced_uuid": "e72fba22-ef47-4486-b345-e02af2e3f2ba", "relationship_type": "analysed-with", "timestamp": "1518771604", "uuid": "5a7dacb7-d0e4-4785-8aee-7f0002de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1515764954", "to_ids": true, "type": "filename", "uuid": "5a58bcda-da50-4dfe-916c-4aac950d210f", "value": "Adobe Premiere Pro CC 2017 Patcher.zip" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1515764954", "to_ids": true, "type": "sha1", "uuid": "5a58bcda-db14-46d4-ac8c-44f0950d210f", "value": "a91a529f89b1ab8792c345f823e101b55d656a08" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1515764954", "to_ids": false, "type": "text", "uuid": "5a58bcda-8fbc-4e5f-8ac2-437f950d210f", "value": "Malicious" } ] }, { "comment": "Mach-O", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "9", "timestamp": "1515764988", "uuid": "5a58bcf9-4efc-4891-99c0-4a32950d210f", "ObjectReference": [ { "comment": "", "object_uuid": "5a58bcf9-4efc-4891-99c0-4a32950d210f", "referenced_uuid": "10efb953-d0cc-4219-8b64-fd1aea48048d", "relationship_type": "analysed-with", "timestamp": "1518771604", "uuid": "5a7dacb7-0214-4bd2-a4f4-7f0002de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", 
"deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1515764985", "to_ids": true, "type": "filename", "uuid": "5a58bcf9-7538-4300-865a-4603950d210f", "value": "Office 2016 Patcher" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1515764985", "to_ids": true, "type": "sha1", "uuid": "5a58bcf9-bc34-4675-935f-452b950d210f", "value": "e55fe159e6e3a8459e9363401fcc864335fee321" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1515764985", "to_ids": false, "type": "text", "uuid": "5a58bcf9-a6dc-4eca-b641-486f950d210f", "value": "Malicious" } ] }, { "comment": "Mach-O", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "9", "timestamp": "1515765016", "uuid": "5a58bd15-e480-4b26-b998-45da950d210f", "ObjectReference": [ { "comment": "", "object_uuid": "5a58bd15-e480-4b26-b998-45da950d210f", "referenced_uuid": "a643b2e6-13d0-4844-bb44-3708ee4f1430", "relationship_type": "analysed-with", "timestamp": "1518771604", "uuid": "5a7dacb8-77e4-41c2-9ee7-7f0002de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1515765013", "to_ids": true, "type": "filename", "uuid": "5a58bd15-e76c-41d8-a1f6-423c950d210f", "value": "Adobe Premiere Pro CC 2017 Patcher" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1515765013", "to_ids": true, "type": "sha1", "uuid": "5a58bd15-b5bc-4ce8-9ebf-4ef1950d210f", "value": "3820b23c1057f8c3522c47737f25183a3c15e4db" }, { "category": "Other", "comment": "", "deleted": false, 
"disable_correlation": true, "object_relation": "state", "timestamp": "1515765013", "to_ids": false, "type": "text", "uuid": "5a58bd15-b388-42a0-9e9e-48da950d210f", "value": "Malicious" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "9", "timestamp": "1515765788", "uuid": "5a58c01c-b8f4-40e3-98cd-4936950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1515765788", "to_ids": true, "type": "filename", "uuid": "5a58c01c-c9cc-4a5f-a77d-4cc9950d210f", "value": "Install Adobe Flash Player.app.zip" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1515765788", "to_ids": true, "type": "sha256", "uuid": "5a58c01c-daac-4b25-b4de-4759950d210f", "value": "b8ee4556dc09b28826359b98343a4e00680971a6f8c6602747bd5d723d26eaea" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1515765788", "to_ids": false, "type": "text", "uuid": "5a58c01c-8638-4eab-a2fa-45ce950d210f", "value": "Malicious" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "9", "timestamp": "1515765814", "uuid": "5a58c036-a548-4862-a538-446a950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1515765814", "to_ids": true, "type": "filename", "uuid": "5a58c036-fb6c-46fb-94a4-44d6950d210f", "value": "Install" }, { "category": "Payload delivery", "comment": "", "deleted": 
false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1515765814", "to_ids": true, "type": "sha256", "uuid": "5a58c036-bf74-4920-8c74-401a950d210f", "value": "5b7792a16c6b7978fca389882c6aeeb2c792352076bf6a064e7b8b90eace8060" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1515765814", "to_ids": false, "type": "text", "uuid": "5a58c036-a95c-4106-8b20-4ed7950d210f", "value": "Malicious" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "9", "timestamp": "1515765840", "uuid": "5a58c050-7084-4c75-9670-400a950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1515765840", "to_ids": true, "type": "filename", "uuid": "5a58c050-fa54-46ad-9570-4513950d210f", "value": "install.sh" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1515765840", "to_ids": true, "type": "sha256", "uuid": "5a58c050-e1b4-41e4-aed9-45f9950d210f", "value": "0a77f1b59c829a83d91a12c871fbd30c5c9d04b455f497e0c231cd21104bfea9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1515765840", "to_ids": false, "type": "text", "uuid": "5a58c050-892c-42ca-9eb2-4b2a950d210f", "value": "Malicious" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "9", "timestamp": "1515765877", "uuid": "5a58c075-f7d4-4c8b-8e4b-4bb9950d210f", "Attribute": [ { "category": "Payload delivery", 
"comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1515765877", "to_ids": true, "type": "filename", "uuid": "5a58c075-02e8-4f97-bef4-4869950d210f", "value": "Install Adobe Flash Player" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1515765878", "to_ids": true, "type": "sha256", "uuid": "5a58c076-2d90-4c80-9afb-44ec950d210f", "value": "7848f7808af02ba0466f3a0687cf949c4d29a2d94b035481a3299ec519aaaa30" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1515765878", "to_ids": false, "type": "text", "uuid": "5a58c076-01c8-403d-a6ef-481e950d210f", "value": "Malicious" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "9", "timestamp": "1515765907", "uuid": "5a58c093-809c-40dc-b89c-4465950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1515765907", "to_ids": true, "type": "filename", "uuid": "5a58c093-7938-4404-9b02-4742950d210f", "value": "Installdp" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1515765907", "to_ids": true, "type": "sha256", "uuid": "5a58c093-d9a8-4ecb-84ed-4a64950d210f", "value": "d5ea79632a1a67abbf9fb1c2813b899c90a5fb9442966ed4f530e92715087ee2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1515765907", "to_ids": false, "type": "text", "uuid": "5a58c093-8a40-4c24-98ab-454c950d210f", "value": "Malicious" } ] }, { "comment": "", "deleted": false, 
"description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "9", "timestamp": "1515765934", "uuid": "5a58c0ae-c4dc-4e61-adac-4746950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1515765934", "to_ids": true, "type": "filename", "uuid": "5a58c0ae-bdc0-43d2-9dba-4c04950d210f", "value": "com.adobe.update" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1515765934", "to_ids": true, "type": "sha256", "uuid": "5a58c0ae-05c4-42fc-8bdf-48c3950d210f", "value": "b6df610aa5c1254c3af5b2ff806562c4937704e4ac248577cdcd3e7e7b3578a0" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1515765934", "to_ids": false, "type": "text", "uuid": "5a58c0ae-6e68-4d91-b7b2-4d47950d210f", "value": "Malicious" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "9", "timestamp": "1515765955", "uuid": "5a58c0c3-26d0-4a90-8753-4cf7950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1515765956", "to_ids": true, "type": "filename", "uuid": "5a58c0c4-364c-499e-be36-484e950d210f", "value": "installd.sh" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1515765956", "to_ids": true, "type": "sha256", "uuid": "5a58c0c4-c408-4a9d-b139-4423950d210f", "value": 
"6e207a375782e3c9d86a3e426cfa38eddcf4898b3556abc75889f7e01cc49506" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1515765956", "to_ids": false, "type": "text", "uuid": "5a58c0c4-eb0c-44b4-b762-424f950d210f", "value": "Malicious" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "9", "timestamp": "1515765977", "uuid": "5a58c0d9-822c-4fc7-96ad-4dbc950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1515765978", "to_ids": true, "type": "filename", "uuid": "5a58c0da-b2f8-4669-a747-4d6b950d210f", "value": "queue" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1515765978", "to_ids": true, "type": "sha256", "uuid": "5a58c0da-bbbc-4637-81cd-4af2950d210f", "value": "92721d719b8085748fb66366d202457f6d38bfa108a2ecda71eee7e68f43a387" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1515765978", "to_ids": false, "type": "text", "uuid": "5a58c0da-02c8-4480-a7f8-4430950d210f", "value": "Malicious" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1515766055", "uuid": "1a0ee044-7122-498a-9723-2e6a34cfe282", "ObjectReference": [ { "comment": "", "object_uuid": "1a0ee044-7122-498a-9723-2e6a34cfe282", "referenced_uuid": "2721e4a4-3fa7-48d6-a1c5-82c6072fe9cb", "relationship_type": "analysed-with", "timestamp": "1518771604", "uuid": 
"5a58c12a-42d0-4a1a-85a0-4b4702de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1515766052", "to_ids": true, "type": "sha1", "uuid": "5a58c124-c884-4712-8129-44cc02de0b81", "value": "a91a529f89b1ab8792c345f823e101b55d656a08" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1515766052", "to_ids": true, "type": "md5", "uuid": "5a58c124-43a8-424b-bcef-4fc302de0b81", "value": "766f058837b08f890bb97198c21b6cc1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1515766052", "to_ids": true, "type": "sha256", "uuid": "5a58c124-1a34-4cbf-88d6-434402de0b81", "value": "c68814901d0af5de410c152e62a06a51c16ec7fe118f1e5251bbcdbb27364709" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1515766052", "uuid": "2721e4a4-3fa7-48d6-a1c5-82c6072fe9cb", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1515766052", "to_ids": false, "type": "link", "uuid": "5a58c124-f528-425a-945d-401002de0b81", "value": "https://www.virustotal.com/file/c68814901d0af5de410c152e62a06a51c16ec7fe118f1e5251bbcdbb27364709/analysis/1501703565/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1515766052", "to_ids": false, "type": "text", "uuid": "5a58c124-1cd0-4c4d-8d7c-4db102de0b81", "value": "31/59" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": 
"1515766052", "to_ids": false, "type": "datetime", "uuid": "5a58c124-83a4-409a-93a3-474702de0b81", "value": "2017-08-02T19:52:45" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1515766055", "uuid": "dd355e08-3cf3-4834-aff2-942c4d631ef8", "ObjectReference": [ { "comment": "", "object_uuid": "dd355e08-3cf3-4834-aff2-942c4d631ef8", "referenced_uuid": "d553ed19-0a19-4bff-a1cb-29a2174a1504", "relationship_type": "analysed-with", "timestamp": "1518771604", "uuid": "5a58c12a-599c-4042-9075-4d3c02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1515766052", "to_ids": true, "type": "sha1", "uuid": "5a58c124-3010-485b-9908-499602de0b81", "value": "8cfa551d15320f0157ece3bdf30b1c62765a93a5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1515766052", "to_ids": true, "type": "md5", "uuid": "5a58c124-42e4-4fa2-b210-4faa02de0b81", "value": "29fb77664fc4f13ea5f65cfe01b292af" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1515766052", "to_ids": true, "type": "sha256", "uuid": "5a58c124-4850-4113-9274-473102de0b81", "value": "c9140c869123e0c7a4d064a9e82bb1549c3e382cdcf2c119bcbe78911915208b" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1515766052", "uuid": "d553ed19-0a19-4bff-a1cb-29a2174a1504", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, 
"object_relation": "permalink", "timestamp": "1515766052", "to_ids": false, "type": "link", "uuid": "5a58c124-4378-4212-99ee-435c02de0b81", "value": "https://www.virustotal.com/file/c9140c869123e0c7a4d064a9e82bb1549c3e382cdcf2c119bcbe78911915208b/analysis/1508668992/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1515766052", "to_ids": false, "type": "text", "uuid": "5a58c124-bc04-4d71-89f6-4c7c02de0b81", "value": "16/58" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1515766052", "to_ids": false, "type": "datetime", "uuid": "5a58c125-baf8-4e35-93df-4ada02de0b81", "value": "2017-10-22T10:43:12" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1515766056", "uuid": "607b7d37-5391-4828-9785-747ca987e6d0", "ObjectReference": [ { "comment": "", "object_uuid": "607b7d37-5391-4828-9785-747ca987e6d0", "referenced_uuid": "c962297e-54fe-479d-bc30-24c2e4425ad9", "relationship_type": "analysed-with", "timestamp": "1518771604", "uuid": "5a58c12b-eb30-44d6-a2f7-416f02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "Proton malware, not signed", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1515766053", "to_ids": true, "type": "sha1", "uuid": "5a58c125-ea24-4144-9e4a-486402de0b81", "value": "ef5a11a1bb5b2423554309688aa7947f4afa5388" }, { "category": "Payload delivery", "comment": "Proton malware, not signed", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1515766053", "to_ids": true, "type": "md5", "uuid": "5a58c125-ff7c-4cf3-a74d-42a802de0b81", "value": "ff44372fce42ffe13222e7237d4cdef1" }, { 
"category": "Payload delivery", "comment": "Proton malware, not signed", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1515766053", "to_ids": true, "type": "sha256", "uuid": "5a58c125-5698-4581-b8b8-459802de0b81", "value": "061f056338e00d38cdfb6b1f40d8e4f8d3f1d7214f6d9a48d0d91d766b7574b7" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1515766053", "uuid": "c962297e-54fe-479d-bc30-24c2e4425ad9", "Attribute": [ { "category": "External analysis", "comment": "Proton malware, not signed", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1515766053", "to_ids": false, "type": "link", "uuid": "5a58c125-5db4-4da5-9a07-4a9902de0b81", "value": "https://www.virustotal.com/file/061f056338e00d38cdfb6b1f40d8e4f8d3f1d7214f6d9a48d0d91d766b7574b7/analysis/1511177323/" }, { "category": "Other", "comment": "Proton malware, not signed", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1515766053", "to_ids": false, "type": "text", "uuid": "5a58c125-b6dc-4beb-bc75-4e4002de0b81", "value": "32/58" }, { "category": "Other", "comment": "Proton malware, not signed", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1515766053", "to_ids": false, "type": "datetime", "uuid": "5a58c125-9158-43b5-9839-45a602de0b81", "value": "2017-11-20T11:28:43" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1515766056", "uuid": "845b2d47-0368-4a40-91d0-479d97eacda4", "ObjectReference": [ { "comment": "", "object_uuid": 
"845b2d47-0368-4a40-91d0-479d97eacda4", "referenced_uuid": "22650c01-93d0-43cb-9b39-9e6b3db474eb", "relationship_type": "analysed-with", "timestamp": "1518771605", "uuid": "5a58c12b-2eec-4e09-83f6-418102de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1515766053", "to_ids": true, "type": "sha1", "uuid": "5a58c125-f670-4f66-a233-497c02de0b81", "value": "e9dcdae1406ab1132dc9d507fd63503e5c4d41d9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1515766053", "to_ids": true, "type": "md5", "uuid": "5a58c125-9ba8-4d19-8173-4e0802de0b81", "value": "c7a2a5c0fbe4df3afd9dbedecf8321da" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1515766053", "to_ids": true, "type": "sha256", "uuid": "5a58c125-b7c4-4523-b954-45d902de0b81", "value": "b9432b91a112ed2bfcbf0530a04406390c854a7c9f8afea17e9e94fe43242ce1" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1515766053", "uuid": "22650c01-93d0-43cb-9b39-9e6b3db474eb", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1515766053", "to_ids": false, "type": "link", "uuid": "5a58c125-7bfc-4172-995d-492d02de0b81", "value": "https://www.virustotal.com/file/b9432b91a112ed2bfcbf0530a04406390c854a7c9f8afea17e9e94fe43242ce1/analysis/1508922137/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1515766053", "to_ids": false, "type": "text", "uuid": 
"5a58c125-bbcc-43e0-b20b-485102de0b81", "value": "18/59" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1515766053", "to_ids": false, "type": "datetime", "uuid": "5a58c125-579c-4620-a593-4efc02de0b81", "value": "2017-10-25T09:02:17" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1515766056", "uuid": "8cb5ebee-fcb0-4f05-a707-708b1eaddd59", "ObjectReference": [ { "comment": "", "object_uuid": "8cb5ebee-fcb0-4f05-a707-708b1eaddd59", "referenced_uuid": "9f51aaa1-7f34-4b9a-b4a4-34413e3295e3", "relationship_type": "analysed-with", "timestamp": "1518771605", "uuid": "5a58c12b-ff60-45ec-93e8-49ef02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1515766053", "to_ids": true, "type": "sha1", "uuid": "5a58c125-70a8-4f02-9bef-4e7202de0b81", "value": "9e5378165bb20e9a7f74a7fcc73b528f7b231a75" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1515766053", "to_ids": true, "type": "md5", "uuid": "5a58c125-2744-4006-9990-45b002de0b81", "value": "0ca749b61c7e76e6ec07c33aab01aab3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1515766053", "to_ids": true, "type": "sha256", "uuid": "5a58c125-b6bc-48c6-9722-437002de0b81", "value": "553496aa878821295de7acdd20d6377d39e304651bdd1281c7a7ff15b8f43cad" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", 
"template_version": "1", "timestamp": "1515766053", "uuid": "9f51aaa1-7f34-4b9a-b4a4-34413e3295e3", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1515766053", "to_ids": false, "type": "link", "uuid": "5a58c125-2dd4-4e08-a8eb-40ac02de0b81", "value": "https://www.virustotal.com/file/553496aa878821295de7acdd20d6377d39e304651bdd1281c7a7ff15b8f43cad/analysis/1511207074/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1515766053", "to_ids": false, "type": "text", "uuid": "5a58c125-e1e0-4a1d-a360-460d02de0b81", "value": "34/60" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1515766053", "to_ids": false, "type": "datetime", "uuid": "5a58c125-06bc-43be-aab6-4d6d02de0b81", "value": "2017-11-20T19:44:34" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1515766056", "uuid": "193ddc06-7e30-4bb9-a2e8-48fbfd5c7f4b", "ObjectReference": [ { "comment": "", "object_uuid": "193ddc06-7e30-4bb9-a2e8-48fbfd5c7f4b", "referenced_uuid": "21ee3580-cfc9-41d7-99c2-00615d045962", "relationship_type": "analysed-with", "timestamp": "1518771605", "uuid": "5a58c12b-cd7c-401d-a1da-448502de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1515766053", "to_ids": true, "type": "sha1", "uuid": "5a58c125-670c-48f3-b9f8-492902de0b81", "value": "3ef34e2581937babd2b7ce63ab1d92cd9440181a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": 
"md5", "timestamp": "1515766053", "to_ids": true, "type": "md5", "uuid": "5a58c125-ae5c-4a39-ac9e-4e7102de0b81", "value": "9f5013e080d628a35ba190621e0998c2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1515766053", "to_ids": true, "type": "sha256", "uuid": "5a58c125-0dc8-44dc-ae76-42e902de0b81", "value": "cb3be20d5de9ae45ec959bc9afa93018ec5f4dd80368a707bc654fab87378452" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1515766053", "uuid": "21ee3580-cfc9-41d7-99c2-00615d045962", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1515766053", "to_ids": false, "type": "link", "uuid": "5a58c125-56c4-4949-b3c5-416f02de0b81", "value": "https://www.virustotal.com/file/cb3be20d5de9ae45ec959bc9afa93018ec5f4dd80368a707bc654fab87378452/analysis/1511178355/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1515766053", "to_ids": false, "type": "text", "uuid": "5a58c125-c294-4611-8b13-42e002de0b81", "value": "32/59" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1515766053", "to_ids": false, "type": "datetime", "uuid": "5a58c125-8914-456b-b452-404802de0b81", "value": "2017-11-20T11:45:55" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1515766056", "uuid": "f2fc9d46-6d9a-497c-b6ba-0b5e6b9210ea", "ObjectReference": [ { 
"comment": "", "object_uuid": "f2fc9d46-6d9a-497c-b6ba-0b5e6b9210ea", "referenced_uuid": "eb9962e1-8c34-45bf-b7be-9ce7bc3fec07", "relationship_type": "analysed-with", "timestamp": "1518771605", "uuid": "5a58c12b-72f8-469c-864c-4e1f02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "ZIP archive with the Proton malware and Python scripts", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1515766053", "to_ids": true, "type": "sha1", "uuid": "5a58c125-a534-4234-aa4e-4a4702de0b81", "value": "10a09c09fd5dd76202e308718a357abc7de291b5" }, { "category": "Payload delivery", "comment": "ZIP archive with the Proton malware and Python scripts", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1515766053", "to_ids": true, "type": "md5", "uuid": "5a58c125-f00c-42c3-90ef-46d502de0b81", "value": "5f145ed27ec88add379676729cbad15f" }, { "category": "Payload delivery", "comment": "ZIP archive with the Proton malware and Python scripts", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1515766054", "to_ids": true, "type": "sha256", "uuid": "5a58c126-b0c0-4b50-9c51-491302de0b81", "value": "2ec4b1705b690ab8c558e3e8ead8bbd34b1fb1b260a27f40b34718be3b71a3a7" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1515766054", "uuid": "eb9962e1-8c34-45bf-b7be-9ce7bc3fec07", "Attribute": [ { "category": "External analysis", "comment": "ZIP archive with the Proton malware and Python scripts", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1515766054", "to_ids": false, "type": "link", "uuid": "5a58c126-08b0-47d4-b924-4cf202de0b81", "value": 
"https://www.virustotal.com/file/2ec4b1705b690ab8c558e3e8ead8bbd34b1fb1b260a27f40b34718be3b71a3a7/analysis/1511434500/" }, { "category": "Other", "comment": "ZIP archive with the Proton malware and Python scripts", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1515766054", "to_ids": false, "type": "text", "uuid": "5a58c126-dac8-4d6e-9d75-48a902de0b81", "value": "33/60" }, { "category": "Other", "comment": "ZIP archive with the Proton malware and Python scripts", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1515766054", "to_ids": false, "type": "datetime", "uuid": "5a58c126-4d14-42b2-9895-4fb802de0b81", "value": "2017-11-23T10:55:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1515766057", "uuid": "a10445d8-f9e8-485b-8d4a-167ce8bea45d", "ObjectReference": [ { "comment": "", "object_uuid": "a10445d8-f9e8-485b-8d4a-167ce8bea45d", "referenced_uuid": "cb259893-8a4b-4847-b19a-50a9bb705885", "relationship_type": "analysed-with", "timestamp": "1518771605", "uuid": "5a58c12b-0a88-4281-97c4-411202de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1515766054", "to_ids": true, "type": "sha1", "uuid": "5a58c126-2694-427d-8e18-400802de0b81", "value": "3820b23c1057f8c3522c47737f25183a3c15e4db" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1515766054", "to_ids": true, "type": "md5", "uuid": "5a58c126-8bc0-45ba-ac1e-41cc02de0b81", "value": "20f20918149fa3a972a87b3364248772" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": 
false, "object_relation": "sha256", "timestamp": "1515766054", "to_ids": true, "type": "sha256", "uuid": "5a58c126-f980-4f61-892d-4eff02de0b81", "value": "c9e1fe6a32356a823f3dc36851bc8dfd5c601481c109229bd21883bffee10f5e" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1515766054", "uuid": "cb259893-8a4b-4847-b19a-50a9bb705885", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1515766054", "to_ids": false, "type": "link", "uuid": "5a58c126-08ac-404d-a0ae-4ea102de0b81", "value": "https://www.virustotal.com/file/c9e1fe6a32356a823f3dc36851bc8dfd5c601481c109229bd21883bffee10f5e/analysis/1509667740/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1515766054", "to_ids": false, "type": "text", "uuid": "5a58c126-aa14-43ec-87e2-482702de0b81", "value": "33/59" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1515766054", "to_ids": false, "type": "datetime", "uuid": "5a58c126-0764-4002-afca-4c5c02de0b81", "value": "2017-11-03T00:09:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1515766057", "uuid": "f41bbf4c-5ca3-4e62-af09-e1a9145ee05e", "ObjectReference": [ { "comment": "", "object_uuid": "f41bbf4c-5ca3-4e62-af09-e1a9145ee05e", "referenced_uuid": "bf3e1c52-bd79-4344-beed-865e505b5210", "relationship_type": "analysed-with", "timestamp": "1518771605", "uuid": "5a58c12b-ab4c-43c4-8041-4c1c02de0b81" } ], 
"Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1515766054", "to_ids": true, "type": "sha1", "uuid": "5a58c126-7954-456b-bae6-42f102de0b81", "value": "1b7380d283ceebcabb683464ba0bb6dd73d6e886" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1515766054", "to_ids": true, "type": "md5", "uuid": "5a58c126-a290-4af4-adbe-447e02de0b81", "value": "1b8be665af7729618d70bad773aac423" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1515766054", "to_ids": true, "type": "sha256", "uuid": "5a58c126-89e0-4588-853a-463802de0b81", "value": "d19b903adbd0f8c119d0d8f25b194bdd24b737357a517f23ca5cdc6c75b35038" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1515766054", "uuid": "bf3e1c52-bd79-4344-beed-865e505b5210", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1515766054", "to_ids": false, "type": "link", "uuid": "5a58c126-33a8-4741-976e-440402de0b81", "value": "https://www.virustotal.com/file/d19b903adbd0f8c119d0d8f25b194bdd24b737357a517f23ca5cdc6c75b35038/analysis/1508798227/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1515766054", "to_ids": false, "type": "text", "uuid": "5a58c126-c5f0-4350-a0c0-47d602de0b81", "value": "32/60" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1515766054", "to_ids": false, "type": 
"datetime", "uuid": "5a58c126-9664-463a-bb7a-46e102de0b81", "value": "2017-10-23T22:37:07" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1515766057", "uuid": "44885bf0-1f38-4d25-b9d9-80c3b47bed40", "ObjectReference": [ { "comment": "", "object_uuid": "44885bf0-1f38-4d25-b9d9-80c3b47bed40", "referenced_uuid": "e4dd2223-b1b9-40d2-b87b-9e819a6a68fb", "relationship_type": "analysed-with", "timestamp": "1518771605", "uuid": "5a58c12b-bafc-4e52-9e5b-420602de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1515766054", "to_ids": true, "type": "sha1", "uuid": "5a58c126-fbf4-4a70-9efa-445a02de0b81", "value": "c9472d791c076a10dce5ff0d3ab6e7706524b741" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1515766054", "to_ids": true, "type": "md5", "uuid": "5a58c126-bac4-4010-b9d2-423d02de0b81", "value": "cc3297083ad89cabfd58d251cbbe3ca9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1515766054", "to_ids": true, "type": "sha256", "uuid": "5a58c126-9a74-43cf-be3b-4a9002de0b81", "value": "2e6bb8fd7f983dd06fa0c5314a7b105354888f63c60a3205ade6d467cc620dc5" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1515766054", "uuid": "e4dd2223-b1b9-40d2-b87b-9e819a6a68fb", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", 
"timestamp": "1515766054", "to_ids": false, "type": "link", "uuid": "5a58c126-b024-4447-a928-4c8c02de0b81", "value": "https://www.virustotal.com/file/2e6bb8fd7f983dd06fa0c5314a7b105354888f63c60a3205ade6d467cc620dc5/analysis/1511177410/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1515766054", "to_ids": false, "type": "text", "uuid": "5a58c126-5fec-48c6-b0af-4df102de0b81", "value": "33/60" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1515766054", "to_ids": false, "type": "datetime", "uuid": "5a58c126-7388-4421-a4e6-4b7a02de0b81", "value": "2017-11-20T11:30:10" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1515766057", "uuid": "bf5df298-de3c-4398-9e6d-833e38d5c81f", "ObjectReference": [ { "comment": "", "object_uuid": "bf5df298-de3c-4398-9e6d-833e38d5c81f", "referenced_uuid": "ddd10108-2f29-4846-bea0-1e80d1c62981", "relationship_type": "analysed-with", "timestamp": "1518771605", "uuid": "5a58c12b-daf0-434a-9a60-413d02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1515766054", "to_ids": true, "type": "sha1", "uuid": "5a58c126-2df0-4127-9ec6-49cf02de0b81", "value": "0400b35d703d872adc64aa7ef914a260903998ca" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1515766054", "to_ids": true, "type": "md5", "uuid": "5a58c126-77ac-40b3-be1e-41f002de0b81", "value": "1a6f74f29c985259fe1f6c4821c51373" }, { "category": "Payload delivery", "comment": "", "deleted": false, 
"disable_correlation": false, "object_relation": "sha256", "timestamp": "1515766054", "to_ids": true, "type": "sha256", "uuid": "5a58c126-0358-477a-924a-41af02de0b81", "value": "247eb9cfc0f9ea2c0ba1824381380e3354ee1fb2f0521f8a6fff2baeacc541ff" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1515766054", "uuid": "ddd10108-2f29-4846-bea0-1e80d1c62981", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1515766054", "to_ids": false, "type": "link", "uuid": "5a58c126-a598-4cee-b6d2-4cca02de0b81", "value": "https://www.virustotal.com/file/247eb9cfc0f9ea2c0ba1824381380e3354ee1fb2f0521f8a6fff2baeacc541ff/analysis/1515612036/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1515766054", "to_ids": false, "type": "text", "uuid": "5a58c126-5fc4-4512-ac9a-47c602de0b81", "value": "26/59" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1515766055", "to_ids": false, "type": "datetime", "uuid": "5a58c127-03d4-4cdd-afd4-466302de0b81", "value": "2018-01-10T19:20:36" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1515766058", "uuid": "4451bac1-bdc3-4bbd-a01d-ec5902aea71d", "ObjectReference": [ { "comment": "", "object_uuid": "4451bac1-bdc3-4bbd-a01d-ec5902aea71d", "referenced_uuid": "3efc2992-b363-4793-87b3-5ec2032cdd31", "relationship_type": "analysed-with", "timestamp": "1518771605", "uuid": 
"5a58c12b-ab84-4ce6-b26a-462202de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "Launcher (or wrapper)", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1515766055", "to_ids": true, "type": "sha1", "uuid": "5a58c127-d5e8-4fcf-9633-4a6802de0b81", "value": "30d77908ac9d37c4c14d32ea3e0b8df4c7e75464" }, { "category": "Payload delivery", "comment": "Launcher (or wrapper)", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1515766055", "to_ids": true, "type": "md5", "uuid": "5a58c127-c780-4611-a0fb-4d9002de0b81", "value": "ff80d97674e148687affd6a4e3ccf00a" }, { "category": "Payload delivery", "comment": "Launcher (or wrapper)", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1515766055", "to_ids": true, "type": "sha256", "uuid": "5a58c127-1ddc-4e0a-9842-493502de0b81", "value": "4d33f4a3c1cbf9cded6a3a096025d0b44905e0308bd3662a496a0701f2ec942d" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1515766055", "uuid": "3efc2992-b363-4793-87b3-5ec2032cdd31", "Attribute": [ { "category": "External analysis", "comment": "Launcher (or wrapper)", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1515766055", "to_ids": false, "type": "link", "uuid": "5a58c127-e140-45dd-9460-462d02de0b81", "value": "https://www.virustotal.com/file/4d33f4a3c1cbf9cded6a3a096025d0b44905e0308bd3662a496a0701f2ec942d/analysis/1511434515/" }, { "category": "Other", "comment": "Launcher (or wrapper)", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1515766055", "to_ids": false, "type": "text", "uuid": "5a58c127-9e20-4ff5-860f-428b02de0b81", "value": "30/56" }, { "category": "Other", "comment": 
"Launcher (or wrapper)", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1515766055", "to_ids": false, "type": "datetime", "uuid": "5a58c127-f8f4-467f-9072-4c6602de0b81", "value": "2017-11-23T10:55:15" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1515766058", "uuid": "f9086285-81ea-4ede-b4d3-0c086cd67629", "ObjectReference": [ { "comment": "", "object_uuid": "f9086285-81ea-4ede-b4d3-0c086cd67629", "referenced_uuid": "bb34db62-0780-4909-ad47-8d825362d6cf", "relationship_type": "analysed-with", "timestamp": "1518771606", "uuid": "5a58c12b-0284-4478-9bc3-449402de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1515766055", "to_ids": true, "type": "sha1", "uuid": "5a58c127-bdcc-49d3-afb1-468402de0b81", "value": "e55fe159e6e3a8459e9363401fcc864335fee321" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1515766055", "to_ids": true, "type": "md5", "uuid": "5a58c127-07f8-46a6-9df2-425202de0b81", "value": "fc22fbe8dda4258a9f0ceb7e15a04fc2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1515766055", "to_ids": true, "type": "sha256", "uuid": "5a58c127-5bb4-4de8-ba97-40b002de0b81", "value": "91af9a4c0091f8e97641660c66d414fa13ee69473f5692d2aecb1d1101ed34b8" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1515766055", "uuid": 
"bb34db62-0780-4909-ad47-8d825362d6cf", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1515766055", "to_ids": false, "type": "link", "uuid": "5a58c127-bffc-4d77-a7b4-4ac202de0b81", "value": "https://www.virustotal.com/file/91af9a4c0091f8e97641660c66d414fa13ee69473f5692d2aecb1d1101ed34b8/analysis/1509667741/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1515766055", "to_ids": false, "type": "text", "uuid": "5a58c127-35d0-41dd-9c8a-406402de0b81", "value": "33/60" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1515766055", "to_ids": false, "type": "datetime", "uuid": "5a58c127-9b88-42e8-be0e-4a4602de0b81", "value": "2017-11-03T00:09:01" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1515766058", "uuid": "49b4e424-a863-47c4-907c-e282e6e65df3", "ObjectReference": [ { "comment": "", "object_uuid": "49b4e424-a863-47c4-907c-e282e6e65df3", "referenced_uuid": "b5786be9-5a78-4df3-b021-1dec3dec8d55", "relationship_type": "analysed-with", "timestamp": "1518771606", "uuid": "5a58c12b-05e8-429c-9c26-468c02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1515766055", "to_ids": true, "type": "sha1", "uuid": "5a58c127-a510-41d5-a905-4dd102de0b81", "value": "0603353852e174fc0337642e3957c7423f182a8c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1515766055", "to_ids": true, "type": 
"md5", "uuid": "5a58c127-14bc-480c-97ca-492502de0b81", "value": "c411c46b480e84aae81abbe47c628dae" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1515766055", "to_ids": true, "type": "sha256", "uuid": "5a58c127-5dbc-4421-abea-488602de0b81", "value": "c30a11eda8745543b8513f62deee872869f5ab9ca20804052d5b64150219ec88" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1515766055", "uuid": "b5786be9-5a78-4df3-b021-1dec3dec8d55", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1515766055", "to_ids": false, "type": "link", "uuid": "5a58c127-cf20-45a3-8d13-409f02de0b81", "value": "https://www.virustotal.com/file/c30a11eda8745543b8513f62deee872869f5ab9ca20804052d5b64150219ec88/analysis/1515612033/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1515766055", "to_ids": false, "type": "text", "uuid": "5a58c127-e0e8-456a-814b-41b902de0b81", "value": "4/59" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1515766055", "to_ids": false, "type": "datetime", "uuid": "5a58c127-a940-41c2-9e04-4bde02de0b81", "value": "2018-01-10T19:20:33" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1515766058", "uuid": "5c4fe5fd-d899-4e20-b4b5-e39398733757", "ObjectReference": [ { "comment": "", "object_uuid": 
"5c4fe5fd-d899-4e20-b4b5-e39398733757", "referenced_uuid": "4f4b9b57-b256-4d40-ae26-c8602137bfb6", "relationship_type": "analysed-with", "timestamp": "1518771606", "uuid": "5a58c12b-1b3c-406d-9503-4e5302de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "Dok", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1515766055", "to_ids": true, "type": "sha1", "uuid": "5a58c127-1200-4186-b78d-4e9302de0b81", "value": "db3f0426f6e434555e6b6bb4053e508f74580387" }, { "category": "Payload delivery", "comment": "Dok", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1515766055", "to_ids": true, "type": "md5", "uuid": "5a58c127-1bd4-496f-8fd5-413502de0b81", "value": "2ee232b1a56f21bdd0b46ba0acd12a22" }, { "category": "Payload delivery", "comment": "Dok", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1515766055", "to_ids": true, "type": "sha256", "uuid": "5a58c127-dfe0-4390-9700-4a9002de0b81", "value": "cd93142f1e0bac1d73235515bc127f5f9634eafde0bea2d6c294bf3549d612b7" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1515766055", "uuid": "4f4b9b57-b256-4d40-ae26-c8602137bfb6", "Attribute": [ { "category": "External analysis", "comment": "Dok", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1515766055", "to_ids": false, "type": "link", "uuid": "5a58c127-a370-4e4c-ae0b-466b02de0b81", "value": "https://www.virustotal.com/file/cd93142f1e0bac1d73235515bc127f5f9634eafde0bea2d6c294bf3549d612b7/analysis/1495101805/" }, { "category": "Other", "comment": "Dok", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1515766055", "to_ids": false, "type": "text", "uuid": 
"5a58c127-2fe0-4b75-9436-471902de0b81", "value": "19/57" }, { "category": "Other", "comment": "Dok", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1515766055", "to_ids": false, "type": "datetime", "uuid": "5a58c127-6b98-4802-9762-400802de0b81", "value": "2017-05-18T10:03:25" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1515766058", "uuid": "a49ac8ee-df74-445f-9d00-eff900554eb8", "ObjectReference": [ { "comment": "", "object_uuid": "a49ac8ee-df74-445f-9d00-eff900554eb8", "referenced_uuid": "d0d53aff-2f5b-4e9e-aca7-1fc077a1edfd", "relationship_type": "analysed-with", "timestamp": "1518771606", "uuid": "5a58c12b-0300-490f-8f26-4f0402de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1515766055", "to_ids": true, "type": "sha1", "uuid": "5a58c127-1bfc-45c1-9385-433802de0b81", "value": "f5d3425482dc4f4f738277ff3ba315b496894899" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1515766055", "to_ids": true, "type": "md5", "uuid": "5a58c127-2378-4d9a-a5d9-4a7702de0b81", "value": "e8bdde90574d5bf285d9abb0c8a113a8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1515766055", "to_ids": true, "type": "sha256", "uuid": "5a58c127-a218-4a36-9580-4f2b02de0b81", "value": "7819ae7d72fa045baa77e9c8e063a69df439146b27f9c3bb10aef52dcc77c145" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", 
"template_version": "1", "timestamp": "1515766055", "uuid": "d0d53aff-2f5b-4e9e-aca7-1fc077a1edfd", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1515766056", "to_ids": false, "type": "link", "uuid": "5a58c128-10a0-4988-b743-418602de0b81", "value": "https://www.virustotal.com/file/7819ae7d72fa045baa77e9c8e063a69df439146b27f9c3bb10aef52dcc77c145/analysis/1494408249/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1515766056", "to_ids": false, "type": "text", "uuid": "5a58c128-c720-4ebb-8203-472b02de0b81", "value": "28/57" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1515766056", "to_ids": false, "type": "datetime", "uuid": "5a58c128-a12c-4f6c-b6dc-469202de0b81", "value": "2017-05-10T09:24:09" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1515766059", "uuid": "96fcaf45-1bba-4a72-be42-a90d1c2052e2", "ObjectReference": [ { "comment": "", "object_uuid": "96fcaf45-1bba-4a72-be42-a90d1c2052e2", "referenced_uuid": "84bccfef-2072-49f1-b605-8bca7e67be2f", "relationship_type": "analysed-with", "timestamp": "1518771606", "uuid": "5a58c12b-61e8-40d1-992b-4f5a02de0b81" }, { "comment": "", "object_uuid": "96fcaf45-1bba-4a72-be42-a90d1c2052e2", "referenced_uuid": "85b2b880-d3e8-4dea-bea6-10c2a491856b", "relationship_type": "analysed-with", "timestamp": "1518771606", "uuid": "5a7dacb8-e5f8-4f8d-b3e9-7f0002de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1515766056", 
"to_ids": true, "type": "sha1", "uuid": "5a58c128-0054-4432-b47f-429702de0b81", "value": "66e520e18accd92abb4722a6cd6a285981ac5bd1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1515766056", "to_ids": true, "type": "md5", "uuid": "5a58c128-9808-4261-afe6-48ab02de0b81", "value": "7bb4f5d962a5b3bb18db9ce08c0b6cbf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1515766056", "to_ids": true, "type": "sha256", "uuid": "5a58c128-34d8-44a4-aeb1-45b502de0b81", "value": "bbbf73741078d1e74ab7281189b13f13b50308cf03d3df34bc9f6a90065a4a55" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1515766056", "uuid": "84bccfef-2072-49f1-b605-8bca7e67be2f", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1515766056", "to_ids": false, "type": "link", "uuid": "5a58c128-1c0c-453e-afe1-432602de0b81", "value": "https://www.virustotal.com/file/bbbf73741078d1e74ab7281189b13f13b50308cf03d3df34bc9f6a90065a4a55/analysis/1514646319/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1515766056", "to_ids": false, "type": "text", "uuid": "5a58c128-2de0-4e78-9e87-4fb602de0b81", "value": "30/59" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1515766056", "to_ids": false, "type": "datetime", "uuid": "5a58c128-f8f4-45ca-b414-404c02de0b81", "value": "2017-12-30T15:05:19" } ] }, { "comment": "", "deleted": false, "description": "File object describing a 
file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1515766059", "uuid": "25d83980-fd95-481d-a330-6e969b0253eb", "ObjectReference": [ { "comment": "", "object_uuid": "25d83980-fd95-481d-a330-6e969b0253eb", "referenced_uuid": "0f57df59-7f2e-4538-ad44-9198ae1eb7e7", "relationship_type": "analysed-with", "timestamp": "1518771606", "uuid": "5a58c12b-c118-4186-a609-428002de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "Dok", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1515766056", "to_ids": true, "type": "sha1", "uuid": "5a58c128-a514-4791-bc01-49b602de0b81", "value": "fb4a50ae8a4a5e76a3f88935e4374d4287a53b7d" }, { "category": "Payload delivery", "comment": "Dok", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1515766056", "to_ids": true, "type": "md5", "uuid": "5a58c128-5214-41bd-bf2e-4b6002de0b81", "value": "473c6a0b2af67c241a29d87e7fd33634" }, { "category": "Payload delivery", "comment": "Dok", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1515766056", "to_ids": true, "type": "sha256", "uuid": "5a58c128-e8ac-4bb3-b040-431902de0b81", "value": "4252e482c9801463e6f684c71f70cb64a17ae74957ed8986f2401c653acae1d7" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1515766056", "uuid": "0f57df59-7f2e-4538-ad44-9198ae1eb7e7", "Attribute": [ { "category": "External analysis", "comment": "Dok", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1515766056", "to_ids": false, "type": "link", "uuid": "5a58c128-5100-44bd-81b1-420602de0b81", "value": 
"https://www.virustotal.com/file/4252e482c9801463e6f684c71f70cb64a17ae74957ed8986f2401c653acae1d7/analysis/1506371408/" }, { "category": "Other", "comment": "Dok", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1515766056", "to_ids": false, "type": "text", "uuid": "5a58c128-ad88-447c-b50d-441802de0b81", "value": "26/59" }, { "category": "Other", "comment": "Dok", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1515766056", "to_ids": false, "type": "datetime", "uuid": "5a58c128-3fb8-4d31-a6d9-432302de0b81", "value": "2017-09-25T20:30:08" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1515766059", "uuid": "9f4c7ec0-65cf-4610-a8ea-c5ee4df70fbf", "ObjectReference": [ { "comment": "", "object_uuid": "9f4c7ec0-65cf-4610-a8ea-c5ee4df70fbf", "referenced_uuid": "5d8a7de0-a5d1-4ecb-ac93-60a186a8f4e2", "relationship_type": "analysed-with", "timestamp": "1518771606", "uuid": "5a58c12c-94f8-4909-9a60-459902de0b81" }, { "comment": "", "object_uuid": "9f4c7ec0-65cf-4610-a8ea-c5ee4df70fbf", "referenced_uuid": "0840973f-94a7-411c-9c35-bebd86da7b47", "relationship_type": "analysed-with", "timestamp": "1518771606", "uuid": "5a7dacb8-28c4-4bc3-9b1f-7f0002de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1515766056", "to_ids": true, "type": "sha1", "uuid": "5a58c128-dc2c-456c-875d-417d02de0b81", "value": "598ebb19bf9fbc17c0bf85ce4ece91fa061f74a6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1515766056", "to_ids": true, "type": "md5", "uuid": 
"5a58c128-f200-40d1-bdae-4d5002de0b81", "value": "1de4838f13c49d9f959d04b363326ac1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1515766056", "to_ids": true, "type": "sha256", "uuid": "5a58c128-6e50-4986-9da0-4fa502de0b81", "value": "07adb8253ccc6fee20940de04c1bf4a54a4455525b2ac33f9c95713a8a102f3d" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1515766056", "uuid": "5d8a7de0-a5d1-4ecb-ac93-60a186a8f4e2", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1515766056", "to_ids": false, "type": "link", "uuid": "5a58c128-94c8-4d37-8f35-48d702de0b81", "value": "https://www.virustotal.com/file/07adb8253ccc6fee20940de04c1bf4a54a4455525b2ac33f9c95713a8a102f3d/analysis/1510646898/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1515766056", "to_ids": false, "type": "text", "uuid": "5a58c128-8470-4abc-9828-48aa02de0b81", "value": "36/61" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1515766056", "to_ids": false, "type": "datetime", "uuid": "5a58c128-6f04-4358-81ca-4fe902de0b81", "value": "2017-11-14T08:08:18" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1515766059", "uuid": "2c61724f-2d3f-4083-854a-6c9cb42784f3", "ObjectReference": [ { "comment": "", "object_uuid": "2c61724f-2d3f-4083-854a-6c9cb42784f3", 
"referenced_uuid": "1de4ff44-ee71-4017-a208-7510bc2224ab", "relationship_type": "analysed-with", "timestamp": "1518771607", "uuid": "5a58c12c-b520-4b84-8136-495d02de0b81" }, { "comment": "", "object_uuid": "2c61724f-2d3f-4083-854a-6c9cb42784f3", "referenced_uuid": "01b8d2c8-326f-4555-a514-65bbf934d953", "relationship_type": "analysed-with", "timestamp": "1518771607", "uuid": "5a7dacb8-b2bc-4b38-8c98-7f0002de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1515766056", "to_ids": true, "type": "sha1", "uuid": "5a58c128-6cc4-48ad-b6fd-495502de0b81", "value": "a323168f95d1a1c65186888c6dd16cd2f9f8539a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1515766056", "to_ids": true, "type": "md5", "uuid": "5a58c128-a15c-4a01-b0eb-4a2702de0b81", "value": "787d664e842961f2a335139407f91a70" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1515766056", "to_ids": true, "type": "sha256", "uuid": "5a58c128-1218-48ff-b21c-497902de0b81", "value": "52efcfe30f96a85c9c068880c20663db64f0e08346e0f3b59c2e5bbcb41ba73c" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1515766056", "uuid": "1de4ff44-ee71-4017-a208-7510bc2224ab", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1515766056", "to_ids": false, "type": "link", "uuid": "5a58c128-1f14-43ba-9f74-48d802de0b81", "value": "https://www.virustotal.com/file/52efcfe30f96a85c9c068880c20663db64f0e08346e0f3b59c2e5bbcb41ba73c/analysis/1512899518/" }, { "category": 
"Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1515766056", "to_ids": false, "type": "text", "uuid": "5a58c128-ded4-439e-a6d2-48f302de0b81", "value": "30/59" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1515766056", "to_ids": false, "type": "datetime", "uuid": "5a58c128-e378-46d6-915f-417602de0b81", "value": "2017-12-10T09:51:58" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1515766059", "uuid": "7bcab0bd-20d4-4b42-b5f1-268637d54d58", "ObjectReference": [ { "comment": "", "object_uuid": "7bcab0bd-20d4-4b42-b5f1-268637d54d58", "referenced_uuid": "76a37ccf-a61f-4466-b91b-dfb81cd4087d", "relationship_type": "analysed-with", "timestamp": "1518771607", "uuid": "5a58c12c-c070-4222-90c5-463102de0b81" }, { "comment": "", "object_uuid": "7bcab0bd-20d4-4b42-b5f1-268637d54d58", "referenced_uuid": "5c2bd08b-1259-4095-9c9e-3b74506b1585", "relationship_type": "analysed-with", "timestamp": "1518771607", "uuid": "5a7dacb8-39bc-4126-aefa-7f0002de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1515766056", "to_ids": true, "type": "sha1", "uuid": "5a58c128-fd80-4fa4-bec8-43a602de0b81", "value": "cd42b88569faa946a4b9d6f7408b958dcbcf7554" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1515766056", "to_ids": true, "type": "md5", "uuid": "5a58c128-3f78-427a-8cab-472302de0b81", "value": "9d9cca200dd0e5f9d59225131d5269b0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": 
false, "object_relation": "sha256", "timestamp": "1515766056", "to_ids": true, "type": "sha256", "uuid": "5a58c128-c358-4a3e-b3ec-4b8d02de0b81", "value": "83b712ec6b0b2d093d75c4553c66b95a3d1a1ca43e01c5e47aae49effce31ee3" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1515766056", "uuid": "76a37ccf-a61f-4466-b91b-dfb81cd4087d", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1515766057", "to_ids": false, "type": "link", "uuid": "5a58c129-dd54-4313-8925-4f4f02de0b81", "value": "https://www.virustotal.com/file/83b712ec6b0b2d093d75c4553c66b95a3d1a1ca43e01c5e47aae49effce31ee3/analysis/1514646249/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1515766057", "to_ids": false, "type": "text", "uuid": "5a58c129-b444-48e8-a098-4cba02de0b81", "value": "26/59" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1515766057", "to_ids": false, "type": "datetime", "uuid": "5a58c129-b744-45c2-a5c1-47b202de0b81", "value": "2017-12-30T15:04:09" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1515766060", "uuid": "edd54722-ac7d-4351-ad66-d4961e9e23ed", "ObjectReference": [ { "comment": "", "object_uuid": "edd54722-ac7d-4351-ad66-d4961e9e23ed", "referenced_uuid": "98ea29fa-c6f3-4bb1-89c7-551a3f1ec0fb", "relationship_type": "analysed-with", "timestamp": "1518771607", "uuid": "5a58c12c-2558-40f5-8ea8-425302de0b81" }, { 
"comment": "", "object_uuid": "edd54722-ac7d-4351-ad66-d4961e9e23ed", "referenced_uuid": "e5e57871-79b1-4440-95b3-49bc62c724e5", "relationship_type": "analysed-with", "timestamp": "1518771607", "uuid": "5a7dacb8-94ac-4175-abcc-7f0002de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1515766057", "to_ids": true, "type": "sha1", "uuid": "5a58c129-4488-4239-a6c1-407702de0b81", "value": "18957d7549b4e296fcaeb122ff241d9799804fa3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1515766057", "to_ids": true, "type": "md5", "uuid": "5a58c129-0c3c-450d-875a-463402de0b81", "value": "e4744b9f927dc8048a19dca15590660c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1515766057", "to_ids": true, "type": "sha256", "uuid": "5a58c129-3964-4edf-81fc-4bd502de0b81", "value": "ce07d208a2d89b4e0134f5282d9df580960d5c81412965a6d1a0786b27e7f044" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1515766057", "uuid": "98ea29fa-c6f3-4bb1-89c7-551a3f1ec0fb", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1515766057", "to_ids": false, "type": "link", "uuid": "5a58c129-53f8-4fe7-80be-4cf002de0b81", "value": "https://www.virustotal.com/file/ce07d208a2d89b4e0134f5282d9df580960d5c81412965a6d1a0786b27e7f044/analysis/1514646222/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1515766057", "to_ids": false, "type": "text", "uuid": 
"5a58c129-237c-400c-930b-465f02de0b81", "value": "33/59" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1515766057", "to_ids": false, "type": "datetime", "uuid": "5a58c129-ab20-4015-aa35-474802de0b81", "value": "2017-12-30T15:03:42" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1515766060", "uuid": "dd110c76-6e54-48c4-badb-b901a57b7bc8", "ObjectReference": [ { "comment": "", "object_uuid": "dd110c76-6e54-48c4-badb-b901a57b7bc8", "referenced_uuid": "d7545769-a98f-47ac-89e1-9074f18b2266", "relationship_type": "analysed-with", "timestamp": "1518771607", "uuid": "5a58c12c-0140-45a2-bf12-4cc702de0b81" }, { "comment": "", "object_uuid": "dd110c76-6e54-48c4-badb-b901a57b7bc8", "referenced_uuid": "f2c6fa6f-7d6b-407a-8e98-3a0e9bcea365", "relationship_type": "analysed-with", "timestamp": "1518771607", "uuid": "5a7dacb8-4f74-4cf5-b920-7f0002de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1515766057", "to_ids": true, "type": "sha1", "uuid": "5a58c129-2918-4e24-ba08-41cd02de0b81", "value": "3c4904832392e70e415b0520d45ff7a1c93c2c4e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1515766057", "to_ids": true, "type": "md5", "uuid": "5a58c129-3990-4e84-8c82-4c7d02de0b81", "value": "f8e3c8e43593ecbd9b62f6e18c8d6474" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1515766057", "to_ids": true, "type": "sha256", "uuid": "5a58c129-c2bc-4920-8f73-4ca902de0b81", "value": 
"b556c04c768d57af104716386fe4f23b01aa9d707cbc60385895e2b4fc08c9b0" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1515766057", "uuid": "d7545769-a98f-47ac-89e1-9074f18b2266", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1515766057", "to_ids": false, "type": "link", "uuid": "5a58c129-c95c-4d21-b95c-428a02de0b81", "value": "https://www.virustotal.com/file/b556c04c768d57af104716386fe4f23b01aa9d707cbc60385895e2b4fc08c9b0/analysis/1514646306/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1515766057", "to_ids": false, "type": "text", "uuid": "5a58c129-fd44-44ab-91ab-43bb02de0b81", "value": "31/59" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1515766057", "to_ids": false, "type": "datetime", "uuid": "5a58c129-2424-40da-9197-49e602de0b81", "value": "2017-12-30T15:05:06" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1515766060", "uuid": "2c1cfefa-96a0-4099-a720-69b64d16fe5f", "ObjectReference": [ { "comment": "", "object_uuid": "2c1cfefa-96a0-4099-a720-69b64d16fe5f", "referenced_uuid": "2beed4ba-5af8-427c-8270-b6a6456df65c", "relationship_type": "analysed-with", "timestamp": "1518771607", "uuid": "5a58c12c-bfb0-4e59-93e5-475c02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "Dok", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": 
"1515766057", "to_ids": true, "type": "sha1", "uuid": "5a58c129-eed4-4f07-850c-4c3c02de0b81", "value": "7cf55e0de9f191dc16a10de1e47fb25aa0a79856" }, { "category": "Payload delivery", "comment": "Dok", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1515766057", "to_ids": true, "type": "md5", "uuid": "5a58c129-30cc-442d-988e-4be502de0b81", "value": "87a4bff26626ccf022bda7373241275c" }, { "category": "Payload delivery", "comment": "Dok", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1515766057", "to_ids": true, "type": "sha256", "uuid": "5a58c129-e430-488a-a185-414802de0b81", "value": "3f0130cfd7bf61b8e8226dd4775319c7376a08ec019f9df12875e9ea55992e94" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1515766057", "uuid": "2beed4ba-5af8-427c-8270-b6a6456df65c", "Attribute": [ { "category": "External analysis", "comment": "Dok", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1515766057", "to_ids": false, "type": "link", "uuid": "5a58c129-ae58-4973-8304-472102de0b81", "value": "https://www.virustotal.com/file/3f0130cfd7bf61b8e8226dd4775319c7376a08ec019f9df12875e9ea55992e94/analysis/1501706972/" }, { "category": "Other", "comment": "Dok", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1515766057", "to_ids": false, "type": "text", "uuid": "5a58c129-8524-49dd-a159-44ac02de0b81", "value": "25/59" }, { "category": "Other", "comment": "Dok", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1515766057", "to_ids": false, "type": "datetime", "uuid": "5a58c129-2d98-493d-a833-463902de0b81", "value": "2017-08-02T20:49:32" } ] }, { "comment": "", "deleted": false, "description": 
"File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1515766060", "uuid": "9cb63957-a223-4016-bf62-7eac015b02a4", "ObjectReference": [ { "comment": "", "object_uuid": "9cb63957-a223-4016-bf62-7eac015b02a4", "referenced_uuid": "83cea96d-ea16-4220-b8d5-88ca68baf4d5", "relationship_type": "analysed-with", "timestamp": "1518771608", "uuid": "5a58c12d-3084-4c5f-a78f-4b6402de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "OSX/FruitFly, variant \u2018B\u2019", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1515766057", "to_ids": true, "type": "sha1", "uuid": "5a58c129-f77c-4c85-81ab-46c802de0b81", "value": "794bcba867307bdbd5f947f6c939eb4df1d2c9b8" }, { "category": "Payload delivery", "comment": "OSX/FruitFly, variant \u2018B\u2019", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1515766057", "to_ids": true, "type": "md5", "uuid": "5a58c129-08a0-406a-9111-46eb02de0b81", "value": "72d4d364ed91dd9418d144a2db837a6d" }, { "category": "Payload delivery", "comment": "OSX/FruitFly, variant \u2018B\u2019", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1515766057", "to_ids": true, "type": "sha256", "uuid": "5a58c129-6910-4875-9617-464e02de0b81", "value": "befa9bfe488244c64db096522b4fad73fc01ea8c4cd0323f1cbdee81ba008271" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1515766057", "uuid": "83cea96d-ea16-4220-b8d5-88ca68baf4d5", "Attribute": [ { "category": "External analysis", "comment": "OSX/FruitFly, variant \u2018B\u2019", 
"deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1515766057", "to_ids": false, "type": "link", "uuid": "5a58c129-08e8-4d94-b754-49a702de0b81", "value": "https://www.virustotal.com/file/befa9bfe488244c64db096522b4fad73fc01ea8c4cd0323f1cbdee81ba008271/analysis/1514807982/" }, { "category": "Other", "comment": "OSX/FruitFly, variant \u2018B\u2019", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1515766057", "to_ids": false, "type": "text", "uuid": "5a58c129-957c-4b15-a39b-487e02de0b81", "value": "29/58" }, { "category": "Other", "comment": "OSX/FruitFly, variant \u2018B\u2019", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1515766057", "to_ids": false, "type": "datetime", "uuid": "5a58c129-f0d8-4d88-a99c-437c02de0b81", "value": "2018-01-01T11:59:42" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1515766060", "uuid": "90395b9d-bff0-4af6-adaf-a864379542da", "ObjectReference": [ { "comment": "", "object_uuid": "90395b9d-bff0-4af6-adaf-a864379542da", "referenced_uuid": "494c3c26-d774-4f6a-aa08-5eba8f2211db", "relationship_type": "analysed-with", "timestamp": "1518771608", "uuid": "5a58c12d-5730-4073-948d-45bf02de0b81" }, { "comment": "", "object_uuid": "90395b9d-bff0-4af6-adaf-a864379542da", "referenced_uuid": "7e1bd57e-b8fe-46ce-acd5-c763793f28c5", "relationship_type": "analysed-with", "timestamp": "1518771608", "uuid": "5a7dacb9-6e60-496d-b735-7f0002de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1515766057", "to_ids": true, "type": "sha1", "uuid": 
"5a58c129-7578-4e3d-b32a-48d302de0b81", "value": "5b5a34dfc102f0c18b0b0e83c6fda431969e7957" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1515766057", "to_ids": true, "type": "md5", "uuid": "5a58c129-7804-47ea-aaee-4b0c02de0b81", "value": "f8e4cab429263406fbf11b41fd539839" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1515766057", "to_ids": true, "type": "sha256", "uuid": "5a58c129-3828-499a-a7fc-427d02de0b81", "value": "7a9cdb9d608b88bd7afce001cb285c2bb2ae76f5027977e8635aa04bd064ffb7" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1515766057", "uuid": "494c3c26-d774-4f6a-aa08-5eba8f2211db", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1515766057", "to_ids": false, "type": "link", "uuid": "5a58c129-9c80-42c7-9549-46a102de0b81", "value": "https://www.virustotal.com/file/7a9cdb9d608b88bd7afce001cb285c2bb2ae76f5027977e8635aa04bd064ffb7/analysis/1499769912/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1515766057", "to_ids": false, "type": "text", "uuid": "5a58c129-9440-40d5-b718-4ec402de0b81", "value": "30/56" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1515766058", "to_ids": false, "type": "datetime", "uuid": "5a58c12a-cb2c-48d7-9fbb-4fa102de0b81", "value": "2017-07-11T10:45:12" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", 
"meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1515766061", "uuid": "41a354b8-fbc4-48fc-8976-bd9a3593a07c", "ObjectReference": [ { "comment": "", "object_uuid": "41a354b8-fbc4-48fc-8976-bd9a3593a07c", "referenced_uuid": "77040fb6-0d6c-459f-986f-92b37cffe118", "relationship_type": "analysed-with", "timestamp": "1518771608", "uuid": "5a58c12d-a56c-4c7e-94f5-4ded02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1515766058", "to_ids": true, "type": "sha1", "uuid": "5a58c12a-7928-4c31-80d1-45ca02de0b81", "value": "d9685bea995e57ae89d10122cb76022554179ff7" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1515766058", "to_ids": true, "type": "md5", "uuid": "5a58c12a-08c8-400c-a4c8-434802de0b81", "value": "14c1cd9c5f263d5ba988838e0c3e3cf6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1515766058", "to_ids": true, "type": "sha256", "uuid": "5a58c12a-6eac-413d-9e64-41d902de0b81", "value": "4131d4737fe8dfe66d407bfd0a0df18a4a77b89347471cc012da8efc93c661a5" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1515766058", "uuid": "77040fb6-0d6c-459f-986f-92b37cffe118", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1515766058", "to_ids": false, "type": "link", "uuid": "5a58c12a-f260-4da2-ac1a-4cc602de0b81", "value": 
"https://www.virustotal.com/file/4131d4737fe8dfe66d407bfd0a0df18a4a77b89347471cc012da8efc93c661a5/analysis/1512340695/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1515766058", "to_ids": false, "type": "text", "uuid": "5a58c12a-3350-4b41-a95a-431c02de0b81", "value": "34/59" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1515766058", "to_ids": false, "type": "datetime", "uuid": "5a58c12a-2a2c-4aeb-b525-4b6b02de0b81", "value": "2017-12-03T22:38:15" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1515766061", "uuid": "480e2ec8-94b2-4682-a591-c2e86c390ead", "ObjectReference": [ { "comment": "", "object_uuid": "480e2ec8-94b2-4682-a591-c2e86c390ead", "referenced_uuid": "e6e5e5d4-0dc1-4dca-a921-aa923f455fcf", "relationship_type": "analysed-with", "timestamp": "1518771608", "uuid": "5a58c12d-7180-4687-afa4-446a02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1515766058", "to_ids": true, "type": "sha1", "uuid": "5a58c12a-a7f0-4b50-b2eb-402102de0b81", "value": "03ab5fdb40db260dbc35aadba202e920e57eb348" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1515766058", "to_ids": true, "type": "md5", "uuid": "5a58c12a-57d4-43c6-a1ba-4df102de0b81", "value": "3adf6025eb710f2bf1918ee2f116153d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1515766058", "to_ids": true, "type": "sha256", "uuid": 
"5a58c12a-6598-4aa7-b98c-4d9502de0b81", "value": "94cc470c0fdd60570e58682aa7619d665eb710e3407d1f9685b7b00bf26f9647" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1515766058", "uuid": "e6e5e5d4-0dc1-4dca-a921-aa923f455fcf", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1515766058", "to_ids": false, "type": "link", "uuid": "5a58c12a-1c30-410f-85d5-417502de0b81", "value": "https://www.virustotal.com/file/94cc470c0fdd60570e58682aa7619d665eb710e3407d1f9685b7b00bf26f9647/analysis/1507843547/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1515766058", "to_ids": false, "type": "text", "uuid": "5a58c12a-59d4-44b7-bc9d-484b02de0b81", "value": "46/64" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1515766058", "to_ids": false, "type": "datetime", "uuid": "5a58c12a-ec04-4bff-b537-48b002de0b81", "value": "2017-10-12T21:25:47" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1515766061", "uuid": "74bef4c3-487c-4941-b138-c8c0e3413b50", "ObjectReference": [ { "comment": "", "object_uuid": "74bef4c3-487c-4941-b138-c8c0e3413b50", "referenced_uuid": "78a04ae2-f33b-4b5a-b0ad-64f842d70385", "relationship_type": "analysed-with", "timestamp": "1518771608", "uuid": "5a58c12d-30c8-424f-92bf-42ed02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, 
"object_relation": "sha1", "timestamp": "1515766058", "to_ids": true, "type": "sha1", "uuid": "5a58c12a-113c-4119-b37e-4e1e02de0b81", "value": "70a1c4ed3a09a44a41d54c4fd4b409a5fc3159f6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1515766058", "to_ids": true, "type": "md5", "uuid": "5a58c12a-4454-419a-92be-4a8702de0b81", "value": "4fe4b9560e99e33dabca553e2eeee510" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1515766058", "to_ids": true, "type": "sha256", "uuid": "5a58c12a-fa80-4d87-9f33-4c9e02de0b81", "value": "2a854997a44f4ba7e307d408ea2d9c1d84dde035c5dab830689aa45c5b5746ea" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1515766058", "uuid": "78a04ae2-f33b-4b5a-b0ad-64f842d70385", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1515766058", "to_ids": false, "type": "link", "uuid": "5a58c12a-58c8-4f7f-98bf-402b02de0b81", "value": "https://www.virustotal.com/file/2a854997a44f4ba7e307d408ea2d9c1d84dde035c5dab830689aa45c5b5746ea/analysis/1513289308/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1515766058", "to_ids": false, "type": "text", "uuid": "5a58c12a-9834-4b50-8cae-4e8902de0b81", "value": "35/59" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1515766058", "to_ids": false, "type": "datetime", "uuid": "5a58c12a-1c8c-4b5e-bde2-4e1d02de0b81", "value": "2017-12-14T22:08:28" } ] }, { "comment": "", 
"deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1515766061", "uuid": "1f840571-741e-4096-92d6-78e58c49109c", "ObjectReference": [ { "comment": "", "object_uuid": "1f840571-741e-4096-92d6-78e58c49109c", "referenced_uuid": "268e55cb-3597-4e16-8007-a8b36cf61376", "relationship_type": "analysed-with", "timestamp": "1518771608", "uuid": "5a58c12d-7eac-431a-b3ac-4c0b02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1515766058", "to_ids": true, "type": "sha1", "uuid": "5a58c12a-7f38-4ddb-a9ec-48af02de0b81", "value": "1e493ebde7fa77d5ae503aa7758fac87d11da116" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1515766058", "to_ids": true, "type": "md5", "uuid": "5a58c12a-b188-45a6-80bd-43ed02de0b81", "value": "d4a14a1516d5ec9452a29de24ba85d0e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1515766058", "to_ids": true, "type": "sha256", "uuid": "5a58c12a-9b5c-42e5-a881-4c8302de0b81", "value": "694b15d69264062e82d43e8ddb4a5efe4435574f8d91e29523c4298894b70c26" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1515766058", "uuid": "268e55cb-3597-4e16-8007-a8b36cf61376", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1515766058", "to_ids": false, "type": "link", "uuid": "5a58c12a-c3cc-4fbb-a5e8-471102de0b81", "value": 
"https://www.virustotal.com/file/694b15d69264062e82d43e8ddb4a5efe4435574f8d91e29523c4298894b70c26/analysis/1490814542/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1515766058", "to_ids": false, "type": "text", "uuid": "5a58c12a-004c-4834-bc4d-4d1f02de0b81", "value": "45/61" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1515766058", "to_ids": false, "type": "datetime", "uuid": "5a58c12a-eb88-4d06-b8f2-418c02de0b81", "value": "2017-03-29T19:09:02" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1518185605", "uuid": "10efb953-d0cc-4219-8b64-fd1aea48048d", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1518185605", "to_ids": false, "type": "link", "uuid": "5a7dac85-b2ac-41f6-b740-7f0002de0b81", "value": "https://www.virustotal.com/file/91af9a4c0091f8e97641660c66d414fa13ee69473f5692d2aecb1d1101ed34b8/analysis/1509667741/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1518185606", "to_ids": false, "type": "text", "uuid": "5a7dac86-9a60-4639-8728-7f0002de0b81", "value": "33/60" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1518185606", "to_ids": false, "type": "datetime", "uuid": "5a7dac86-78c8-4dde-995a-7f0002de0b81", "value": "2017-11-03T00:09:01" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": 
"d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1518185607", "uuid": "e72fba22-ef47-4486-b345-e02af2e3f2ba", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1518185607", "to_ids": false, "type": "link", "uuid": "5a7dac87-ab30-4a0f-a272-7f0002de0b81", "value": "https://www.virustotal.com/file/c68814901d0af5de410c152e62a06a51c16ec7fe118f1e5251bbcdbb27364709/analysis/1501703565/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1518185607", "to_ids": false, "type": "text", "uuid": "5a7dac87-37d0-4aea-8fc1-7f0002de0b81", "value": "31/59" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1518185608", "to_ids": false, "type": "datetime", "uuid": "5a7dac88-374c-486c-b8e4-7f0002de0b81", "value": "2017-08-02T19:52:45" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1518185608", "uuid": "c484d968-23eb-42f0-95b4-c646ff1c4a46", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1518185608", "to_ids": false, "type": "link", "uuid": "5a7dac88-529c-43c9-b17f-7f0002de0b81", "value": "https://www.virustotal.com/file/c30a11eda8745543b8513f62deee872869f5ab9ca20804052d5b64150219ec88/analysis/1515612033/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1518185609", "to_ids": false, "type": "text", "uuid": "5a7dac89-ebc8-432d-b5c8-7f0002de0b81", "value": "4/59" }, { "category": "Other", 
"comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1518185609", "to_ids": false, "type": "datetime", "uuid": "5a7dac89-c4f4-428d-8287-7f0002de0b81", "value": "2018-01-10T19:20:33" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1518185609", "uuid": "672456f3-351d-4587-8114-0c562fcb6082", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1518185609", "to_ids": false, "type": "link", "uuid": "5a7dac89-a63c-4489-a367-7f0002de0b81", "value": "https://www.virustotal.com/file/c9140c869123e0c7a4d064a9e82bb1549c3e382cdcf2c119bcbe78911915208b/analysis/1517291247/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1518185610", "to_ids": false, "type": "text", "uuid": "5a7dac8a-7ff8-48e9-a679-7f0002de0b81", "value": "25/57" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1518185610", "to_ids": false, "type": "datetime", "uuid": "5a7dac8a-4064-4004-8980-7f0002de0b81", "value": "2018-01-30T05:47:27" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1518185611", "uuid": "a643b2e6-13d0-4844-bb44-3708ee4f1430", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1518185611", "to_ids": false, "type": "link", "uuid": "5a7dac8b-8cf8-4255-86ff-7f0002de0b81", "value": 
"https://www.virustotal.com/file/c9e1fe6a32356a823f3dc36851bc8dfd5c601481c109229bd21883bffee10f5e/analysis/1509667740/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1518185611", "to_ids": false, "type": "text", "uuid": "5a7dac8b-c124-442a-a439-7f0002de0b81", "value": "33/59" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1518185612", "to_ids": false, "type": "datetime", "uuid": "5a7dac8c-5b90-4234-b8fd-7f0002de0b81", "value": "2017-11-03T00:09:00" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1518185612", "uuid": "cde25116-2c43-45fe-90a9-9d17cf9e4e7c", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1518185612", "to_ids": false, "type": "link", "uuid": "5a7dac8c-323c-403a-9a56-7f0002de0b81", "value": "https://www.virustotal.com/file/2e6bb8fd7f983dd06fa0c5314a7b105354888f63c60a3205ade6d467cc620dc5/analysis/1511177410/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1518185613", "to_ids": false, "type": "text", "uuid": "5a7dac8d-d7f8-4a96-95f5-7f0002de0b81", "value": "33/60" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1518185613", "to_ids": false, "type": "datetime", "uuid": "5a7dac8d-725c-499e-b7f4-7f0002de0b81", "value": "2017-11-20T11:30:10" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": 
"d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1518185613", "uuid": "a41b07c7-d703-4a24-95e3-7d4c50770c9b", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1518185614", "to_ids": false, "type": "link", "uuid": "5a7dac8e-07e0-4c33-9b6a-7f0002de0b81", "value": "https://www.virustotal.com/file/247eb9cfc0f9ea2c0ba1824381380e3354ee1fb2f0521f8a6fff2baeacc541ff/analysis/1515612036/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1518185614", "to_ids": false, "type": "text", "uuid": "5a7dac8e-a368-417b-b760-7f0002de0b81", "value": "26/59" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1518185614", "to_ids": false, "type": "datetime", "uuid": "5a7dac8e-33c8-46cf-a13e-7f0002de0b81", "value": "2018-01-10T19:20:36" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1518185615", "uuid": "e71d92c3-fb0b-4408-95c7-c3afe71baae7", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1518185615", "to_ids": false, "type": "link", "uuid": "5a7dac8f-7b34-4b78-8bd4-7f0002de0b81", "value": "https://www.virustotal.com/file/cb3be20d5de9ae45ec959bc9afa93018ec5f4dd80368a707bc654fab87378452/analysis/1511178355/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1518185615", "to_ids": false, "type": "text", "uuid": "5a7dac8f-f828-45bf-b4df-7f0002de0b81", "value": "32/59" }, { "category": "Other", 
"comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1518185616", "to_ids": false, "type": "datetime", "uuid": "5a7dac90-3068-4807-84b7-7f0002de0b81", "value": "2017-11-20T11:45:55" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1518185616", "uuid": "5c4cd601-a2bf-4e3e-b43c-3ee6dbee5ae0", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1518185616", "to_ids": false, "type": "link", "uuid": "5a7dac90-6f48-4a9e-8db0-7f0002de0b81", "value": "https://www.virustotal.com/file/d19b903adbd0f8c119d0d8f25b194bdd24b737357a517f23ca5cdc6c75b35038/analysis/1508798227/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1518185617", "to_ids": false, "type": "text", "uuid": "5a7dac91-22a8-49a5-b55b-7f0002de0b81", "value": "32/60" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1518185617", "to_ids": false, "type": "datetime", "uuid": "5a7dac91-2880-45a8-aa36-7f0002de0b81", "value": "2017-10-23T22:37:07" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1518185617", "uuid": "77a6bb0a-b55e-4b33-ae86-c7ae2004d914", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1518185617", "to_ids": false, "type": "link", "uuid": "5a7dac91-e6a4-4c17-a91f-7f0002de0b81", "value": 
"https://www.virustotal.com/file/553496aa878821295de7acdd20d6377d39e304651bdd1281c7a7ff15b8f43cad/analysis/1511207074/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1518185618", "to_ids": false, "type": "text", "uuid": "5a7dac92-6310-4a33-b91a-7f0002de0b81", "value": "34/60" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1518185618", "to_ids": false, "type": "datetime", "uuid": "5a7dac92-e444-4b6d-9955-7f0002de0b81", "value": "2017-11-20T19:44:34" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1518185619", "uuid": "c54a631e-db6e-4cc7-856d-07a974bfc25a", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1518185619", "to_ids": false, "type": "link", "uuid": "5a7dac93-7824-4f8e-bd52-7f0002de0b81", "value": "https://www.virustotal.com/file/b9432b91a112ed2bfcbf0530a04406390c854a7c9f8afea17e9e94fe43242ce1/analysis/1508922137/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1518185619", "to_ids": false, "type": "text", "uuid": "5a7dac93-360c-40e2-84e1-7f0002de0b81", "value": "18/59" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1518185620", "to_ids": false, "type": "datetime", "uuid": "5a7dac94-b604-42a2-b52f-7f0002de0b81", "value": "2017-10-25T09:02:17" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": 
"d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1518185620", "uuid": "0840973f-94a7-411c-9c35-bebd86da7b47", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1518185620", "to_ids": false, "type": "link", "uuid": "5a7dac94-0788-4ac3-b2cd-7f0002de0b81", "value": "https://www.virustotal.com/file/07adb8253ccc6fee20940de04c1bf4a54a4455525b2ac33f9c95713a8a102f3d/analysis/1510646898/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1518185621", "to_ids": false, "type": "text", "uuid": "5a7dac95-d758-489d-8de5-7f0002de0b81", "value": "36/61" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1518185621", "to_ids": false, "type": "datetime", "uuid": "5a7dac95-1268-470f-b2e9-7f0002de0b81", "value": "2017-11-14T08:08:18" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1518185622", "uuid": "7e1bd57e-b8fe-46ce-acd5-c763793f28c5", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1518185622", "to_ids": false, "type": "link", "uuid": "5a7dac96-fa78-4f88-9729-7f0002de0b81", "value": "https://www.virustotal.com/file/7a9cdb9d608b88bd7afce001cb285c2bb2ae76f5027977e8635aa04bd064ffb7/analysis/1499769912/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1518185622", "to_ids": false, "type": "text", "uuid": "5a7dac96-a828-424a-9fa2-7f0002de0b81", "value": "30/56" }, { "category": "Other", 
"comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1518185622", "to_ids": false, "type": "datetime", "uuid": "5a7dac96-5e3c-4566-9d7f-7f0002de0b81", "value": "2017-07-11T10:45:12" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1518185623", "uuid": "01b8d2c8-326f-4555-a514-65bbf934d953", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1518185623", "to_ids": false, "type": "link", "uuid": "5a7dac97-3a78-48c9-8423-7f0002de0b81", "value": "https://www.virustotal.com/file/52efcfe30f96a85c9c068880c20663db64f0e08346e0f3b59c2e5bbcb41ba73c/analysis/1512899518/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1518185624", "to_ids": false, "type": "text", "uuid": "5a7dac98-7c80-4d0c-8310-7f0002de0b81", "value": "30/59" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1518185624", "to_ids": false, "type": "datetime", "uuid": "5a7dac98-e9a4-4565-a4ea-7f0002de0b81", "value": "2017-12-10T09:51:58" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1518185627", "uuid": "2835626e-b913-4889-a9d9-fdbe227feadb", "ObjectReference": [ { "comment": "", "object_uuid": "2835626e-b913-4889-a9d9-fdbe227feadb", "referenced_uuid": "a28ef769-5398-4eb7-9b00-fab900d14c43", "relationship_type": "analysed-with", "timestamp": "1518771608", "uuid": 
"5a7dacb9-6004-4677-b8e3-7f0002de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1518185624", "to_ids": true, "type": "sha1", "uuid": "5a7dac99-6cb4-4bcf-b342-7f0002de0b81", "value": "d20482372f9e63a54854d639cc79d0b65bc8382b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1518185625", "to_ids": true, "type": "sha256", "uuid": "5a7dac99-f2e0-4804-9737-7f0002de0b81", "value": "b8ee4556dc09b28826359b98343a4e00680971a6f8c6602747bd5d723d26eaea" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1518185625", "to_ids": true, "type": "md5", "uuid": "5a7dac99-f35c-43a6-abcb-7f0002de0b81", "value": "77b4ffe73491d534946d010bfca138f7" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1518185626", "uuid": "a28ef769-5398-4eb7-9b00-fab900d14c43", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1518185626", "to_ids": false, "type": "link", "uuid": "5a7dac9a-7b60-4984-bad7-7f0002de0b81", "value": "https://www.virustotal.com/file/b8ee4556dc09b28826359b98343a4e00680971a6f8c6602747bd5d723d26eaea/analysis/1511755782/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1518185626", "to_ids": false, "type": "text", "uuid": "5a7dac9a-0944-420b-9074-7f0002de0b81", "value": "26/57" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": 
"1518185627", "to_ids": false, "type": "datetime", "uuid": "5a7dac9b-1724-4270-8e32-7f0002de0b81", "value": "2017-11-27T04:09:42" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1518185627", "uuid": "5c2bd08b-1259-4095-9c9e-3b74506b1585", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1518185627", "to_ids": false, "type": "link", "uuid": "5a7dac9b-b914-4fe7-b2a2-7f0002de0b81", "value": "https://www.virustotal.com/file/83b712ec6b0b2d093d75c4553c66b95a3d1a1ca43e01c5e47aae49effce31ee3/analysis/1514646249/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1518185628", "to_ids": false, "type": "text", "uuid": "5a7dac9c-3468-45b3-94be-7f0002de0b81", "value": "26/59" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1518185628", "to_ids": false, "type": "datetime", "uuid": "5a7dac9c-a888-46c1-9692-7f0002de0b81", "value": "2017-12-30T15:04:09" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1518185628", "uuid": "85b2b880-d3e8-4dea-bea6-10c2a491856b", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1518185628", "to_ids": false, "type": "link", "uuid": "5a7dac9d-c880-4055-b1d5-7f0002de0b81", "value": "https://www.virustotal.com/file/bbbf73741078d1e74ab7281189b13f13b50308cf03d3df34bc9f6a90065a4a55/analysis/1514646319/" }, { 
"category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1518185629", "to_ids": false, "type": "text", "uuid": "5a7dac9d-8c18-4c2f-9d02-7f0002de0b81", "value": "30/59" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1518185629", "to_ids": false, "type": "datetime", "uuid": "5a7dac9d-11f0-4b60-9bfe-7f0002de0b81", "value": "2017-12-30T15:05:19" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1518185633", "uuid": "fb3000f4-1ebc-42d4-8e4a-2275d659efe6", "ObjectReference": [ { "comment": "", "object_uuid": "fb3000f4-1ebc-42d4-8e4a-2275d659efe6", "referenced_uuid": "5cbeb48f-30a6-478a-bea9-9928524630c6", "relationship_type": "analysed-with", "timestamp": "1518771609", "uuid": "5a7dacb9-5700-4a96-8673-7f0002de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1518185630", "to_ids": true, "type": "sha1", "uuid": "5a7dac9e-bdb0-4532-88b7-7f0002de0b81", "value": "087aa8d2fcfffa85707214928d9f4ca16e8af5ac" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1518185630", "to_ids": true, "type": "sha256", "uuid": "5a7dac9e-3e24-44f3-9fdb-7f0002de0b81", "value": "6e207a375782e3c9d86a3e426cfa38eddcf4898b3556abc75889f7e01cc49506" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1518185631", "to_ids": true, "type": "md5", "uuid": "5a7dac9f-1df0-485a-ada5-7f0002de0b81", "value": "f48ee47a79d5da606e9eff0401971075" } ] }, { 
"comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1518185631", "uuid": "5cbeb48f-30a6-478a-bea9-9928524630c6", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1518185631", "to_ids": false, "type": "link", "uuid": "5a7dac9f-46b8-4185-b9a5-7f0002de0b81", "value": "https://www.virustotal.com/file/6e207a375782e3c9d86a3e426cfa38eddcf4898b3556abc75889f7e01cc49506/analysis/1494501354/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1518185632", "to_ids": false, "type": "text", "uuid": "5a7daca0-fca0-44dc-8b88-7f0002de0b81", "value": "21/56" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1518185632", "to_ids": false, "type": "datetime", "uuid": "5a7daca0-6900-4a96-b16b-7f0002de0b81", "value": "2017-05-11T11:15:54" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1518185636", "uuid": "f53a44f1-158b-4212-bc9e-8e257362a32c", "ObjectReference": [ { "comment": "", "object_uuid": "f53a44f1-158b-4212-bc9e-8e257362a32c", "referenced_uuid": "3bd1c560-3b57-4248-b95c-72723eebd90c", "relationship_type": "analysed-with", "timestamp": "1518771609", "uuid": "5a7dacb9-4218-445b-bf5b-7f0002de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1518185633", "to_ids": true, "type": "sha1", "uuid": 
"5a7daca1-4c7c-49ef-8ccb-7f0002de0b81", "value": "73994f62dfac62e32968abeb5206043464eb4792" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1518185633", "to_ids": true, "type": "sha256", "uuid": "5a7daca1-1b98-4838-9f34-7f0002de0b81", "value": "92721d719b8085748fb66366d202457f6d38bfa108a2ecda71eee7e68f43a387" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1518185633", "to_ids": true, "type": "md5", "uuid": "5a7daca1-6124-4607-9cb9-7f0002de0b81", "value": "5e996bcbb6f15d345a4a59758dc4d75f" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1518185634", "uuid": "3bd1c560-3b57-4248-b95c-72723eebd90c", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1518185634", "to_ids": false, "type": "link", "uuid": "5a7daca2-3940-4dc5-992d-7f0002de0b81", "value": "https://www.virustotal.com/file/92721d719b8085748fb66366d202457f6d38bfa108a2ecda71eee7e68f43a387/analysis/1517417420/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1518185635", "to_ids": false, "type": "text", "uuid": "5a7daca3-b854-4cf7-92a4-7f0002de0b81", "value": "13/57" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1518185635", "to_ids": false, "type": "datetime", "uuid": "5a7daca3-0674-4c54-904f-7f0002de0b81", "value": "2018-01-31T16:50:20" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", 
"meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1518185638", "uuid": "edc8ba48-d186-4b7f-a8e4-54fdfee91503", "ObjectReference": [ { "comment": "", "object_uuid": "edc8ba48-d186-4b7f-a8e4-54fdfee91503", "referenced_uuid": "cf7832e0-5495-4a89-95df-cb4dd915842e", "relationship_type": "analysed-with", "timestamp": "1518771609", "uuid": "5a7dacb9-76cc-4f50-b90a-7f0002de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1518185635", "to_ids": true, "type": "sha1", "uuid": "5a7daca3-e564-4606-9521-7f0002de0b81", "value": "d972e12685591b71432faaf70c71ced4b6e522a0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1518185636", "to_ids": true, "type": "sha256", "uuid": "5a7daca4-cf6c-48f5-ba2d-7f0002de0b81", "value": "7848f7808af02ba0466f3a0687cf949c4d29a2d94b035481a3299ec519aaaa30" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1518185636", "to_ids": true, "type": "md5", "uuid": "5a7daca4-f240-430b-a950-7f0002de0b81", "value": "3a5fc199189cf39ec58ec6fb2c3c7d93" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1518185637", "uuid": "cf7832e0-5495-4a89-95df-cb4dd915842e", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1518185637", "to_ids": false, "type": "link", "uuid": "5a7daca5-a77c-46db-a274-7f0002de0b81", "value": 
"https://www.virustotal.com/file/7848f7808af02ba0466f3a0687cf949c4d29a2d94b035481a3299ec519aaaa30/analysis/1518176286/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1518185637", "to_ids": false, "type": "text", "uuid": "5a7daca5-aafc-4d39-ba71-7f0002de0b81", "value": "0/59" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1518185638", "to_ids": false, "type": "datetime", "uuid": "5a7daca6-e190-46bd-88c9-7f0002de0b81", "value": "2018-02-09T11:38:06" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1518185641", "uuid": "f8e43169-3421-43af-8b25-be605a3ea859", "ObjectReference": [ { "comment": "", "object_uuid": "f8e43169-3421-43af-8b25-be605a3ea859", "referenced_uuid": "2e77adf4-a30d-4dcf-9fcd-9a263b1971c7", "relationship_type": "analysed-with", "timestamp": "1518771609", "uuid": "5a7dacb9-d740-48f9-b264-7f0002de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1518185638", "to_ids": true, "type": "sha1", "uuid": "5a7daca6-271c-4597-bee3-7f0002de0b81", "value": "a201f1760ca4f99dff682a4e5c656f149f5d8e7c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1518185639", "to_ids": true, "type": "sha256", "uuid": "5a7daca7-6c84-4003-a567-7f0002de0b81", "value": "5b7792a16c6b7978fca389882c6aeeb2c792352076bf6a064e7b8b90eace8060" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1518185639", "to_ids": true, 
"type": "md5", "uuid": "5a7daca7-bde0-478c-90b4-7f0002de0b81", "value": "6c74ff2cc39b5362ee5dec576ece211b" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1518185639", "uuid": "2e77adf4-a30d-4dcf-9fcd-9a263b1971c7", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1518185639", "to_ids": false, "type": "link", "uuid": "5a7daca7-2690-4c19-9ad1-7f0002de0b81", "value": "https://www.virustotal.com/file/5b7792a16c6b7978fca389882c6aeeb2c792352076bf6a064e7b8b90eace8060/analysis/1511748584/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1518185640", "to_ids": false, "type": "text", "uuid": "5a7daca8-efc0-48bf-82c4-7f0002de0b81", "value": "26/57" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1518185640", "to_ids": false, "type": "datetime", "uuid": "5a7daca8-f524-4e70-83ce-7f0002de0b81", "value": "2017-11-27T02:09:44" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1518185644", "uuid": "770417f7-66d8-4c14-a590-25829420ef72", "ObjectReference": [ { "comment": "", "object_uuid": "770417f7-66d8-4c14-a590-25829420ef72", "referenced_uuid": "d250cbbd-0387-4477-9487-647ba7f369ed", "relationship_type": "analysed-with", "timestamp": "1518771609", "uuid": "5a7dacb9-b5ec-4ce8-848c-7f0002de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, 
"object_relation": "sha1", "timestamp": "1518185641", "to_ids": true, "type": "sha1", "uuid": "5a7daca9-5c9c-4cde-a219-7f0002de0b81", "value": "26f1dc4618b87b52ff1c5e27a5ba260d5f034a0f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1518185641", "to_ids": true, "type": "sha256", "uuid": "5a7daca9-6808-4a2f-a931-7f0002de0b81", "value": "0a77f1b59c829a83d91a12c871fbd30c5c9d04b455f497e0c231cd21104bfea9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1518185642", "to_ids": true, "type": "md5", "uuid": "5a7dacaa-a9dc-4351-b0d0-7f0002de0b81", "value": "a90379e02cf9b66c3863131730a4b099" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1518185642", "uuid": "d250cbbd-0387-4477-9487-647ba7f369ed", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1518185642", "to_ids": false, "type": "link", "uuid": "5a7dacaa-53c0-407f-a48e-7f0002de0b81", "value": "https://www.virustotal.com/file/0a77f1b59c829a83d91a12c871fbd30c5c9d04b455f497e0c231cd21104bfea9/analysis/1493992385/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1518185643", "to_ids": false, "type": "text", "uuid": "5a7dacab-a424-4aaf-8a77-7f0002de0b81", "value": "17/56" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1518185643", "to_ids": false, "type": "datetime", "uuid": "5a7dacab-3264-4ca4-aaa3-7f0002de0b81", "value": "2017-05-05T13:53:05" } ] }, { "comment": "", 
"deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1518185646", "uuid": "18939e64-0afb-4ae4-8995-189b92423b98", "ObjectReference": [ { "comment": "", "object_uuid": "18939e64-0afb-4ae4-8995-189b92423b98", "referenced_uuid": "55b685d6-7fdc-4538-b113-d253384b213a", "relationship_type": "analysed-with", "timestamp": "1518771609", "uuid": "5a7dacba-e40c-47f2-aa5f-7f0002de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1518185643", "to_ids": true, "type": "sha1", "uuid": "5a7dacab-624c-4e34-b926-7f0002de0b81", "value": "0a0ae94f92a50937d920bf02dd26b477c840a915" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1518185644", "to_ids": true, "type": "sha256", "uuid": "5a7dacac-ded0-48e8-b095-7f0002de0b81", "value": "d5ea79632a1a67abbf9fb1c2813b899c90a5fb9442966ed4f530e92715087ee2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1518185644", "to_ids": true, "type": "md5", "uuid": "5a7dacac-1100-4608-b5f2-7f0002de0b81", "value": "000e4225f382f9eee675dcaf3cbf9c7e" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1518185645", "uuid": "55b685d6-7fdc-4538-b113-d253384b213a", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1518185645", "to_ids": false, "type": "link", "uuid": "5a7dacad-3ff4-46ee-b49a-7f0002de0b81", "value": 
"https://www.virustotal.com/file/d5ea79632a1a67abbf9fb1c2813b899c90a5fb9442966ed4f530e92715087ee2/analysis/1503971137/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1518185645", "to_ids": false, "type": "text", "uuid": "5a7dacad-5b28-4055-9bec-7f0002de0b81", "value": "31/59" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1518185646", "to_ids": false, "type": "datetime", "uuid": "5a7dacae-2d68-4151-bd0e-7f0002de0b81", "value": "2017-08-29T01:45:37" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1518185646", "uuid": "e5e57871-79b1-4440-95b3-49bc62c724e5", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1518185646", "to_ids": false, "type": "link", "uuid": "5a7dacae-4ec8-4dc8-aec5-7f0002de0b81", "value": "https://www.virustotal.com/file/ce07d208a2d89b4e0134f5282d9df580960d5c81412965a6d1a0786b27e7f044/analysis/1515766221/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1518185647", "to_ids": false, "type": "text", "uuid": "5a7dacaf-824c-45b4-8c23-7f0002de0b81", "value": "33/59" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1518185647", "to_ids": false, "type": "datetime", "uuid": "5a7dacaf-84f0-4857-9453-7f0002de0b81", "value": "2018-01-12T14:10:21" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", 
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1518185650", "uuid": "8d7a2d17-30f8-46c6-aa2c-c99caf8b8208", "ObjectReference": [ { "comment": "", "object_uuid": "8d7a2d17-30f8-46c6-aa2c-c99caf8b8208", "referenced_uuid": "ece0181f-f705-463f-bea6-08263cc535ba", "relationship_type": "analysed-with", "timestamp": "1518771609", "uuid": "5a7dacba-56a0-4ed6-a58c-7f0002de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1518185647", "to_ids": true, "type": "sha1", "uuid": "5a7dacaf-16c8-44d4-a960-7f0002de0b81", "value": "d6a09a1c2964b228143092e200d17531a8aefc9d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1518185648", "to_ids": true, "type": "sha256", "uuid": "5a7dacb0-ee74-4bb8-9649-7f0002de0b81", "value": "b6df610aa5c1254c3af5b2ff806562c4937704e4ac248577cdcd3e7e7b3578a0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1518185648", "to_ids": true, "type": "md5", "uuid": "5a7dacb0-1360-41bd-9c29-7f0002de0b81", "value": "a79ac543b0836b53a3623e0b4cb6a6f7" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1518185649", "uuid": "ece0181f-f705-463f-bea6-08263cc535ba", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1518185649", "to_ids": false, "type": "link", "uuid": "5a7dacb1-a620-4047-a010-7f0002de0b81", "value": "https://www.virustotal.com/file/b6df610aa5c1254c3af5b2ff806562c4937704e4ac248577cdcd3e7e7b3578a0/analysis/1494500661/" }, { 
"category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1518185649", "to_ids": false, "type": "text", "uuid": "5a7dacb1-d0d4-4978-a631-7f0002de0b81", "value": "16/56" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1518185650", "to_ids": false, "type": "datetime", "uuid": "5a7dacb2-ccc8-449d-9e9c-7f0002de0b81", "value": "2017-05-11T11:04:21" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1518185653", "uuid": "87463bc1-9173-4071-827c-db9c3d3396bc", "ObjectReference": [ { "comment": "", "object_uuid": "87463bc1-9173-4071-827c-db9c3d3396bc", "referenced_uuid": "f31cc4ab-1875-4f2d-87c9-04b8673ddbe8", "relationship_type": "analysed-with", "timestamp": "1518771609", "uuid": "5a7dacba-e448-44ac-a8d4-7f0002de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1518185650", "to_ids": true, "type": "sha1", "uuid": "5a7dacb2-9638-4701-a60a-7f0002de0b81", "value": "af9b9164d6f3616bf31fb98acf8a0cb72c312774" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1518185651", "to_ids": true, "type": "sha256", "uuid": "5a7dacb3-6ed0-4cb2-8b08-7f0002de0b81", "value": "128814f2b057aef1dd3e00f3749aed2a81e5ed03737311f2b1faab4ab2e6e2fe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1518185651", "to_ids": true, "type": "md5", "uuid": "5a7dacb3-58d4-4f5e-ba7e-7f0002de0b81", "value": "5b3e0b74cdb0622074fd997af51161dd" } ] }, { 
"comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1518185651", "uuid": "f31cc4ab-1875-4f2d-87c9-04b8673ddbe8", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1518185652", "to_ids": false, "type": "link", "uuid": "5a7dacb4-7fc8-40bd-929a-7f0002de0b81", "value": "https://www.virustotal.com/file/128814f2b057aef1dd3e00f3749aed2a81e5ed03737311f2b1faab4ab2e6e2fe/analysis/1517416889/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1518185652", "to_ids": false, "type": "text", "uuid": "5a7dacb4-0fc8-43af-a265-7f0002de0b81", "value": "9/56" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1518185652", "to_ids": false, "type": "datetime", "uuid": "5a7dacb4-9a34-49d6-992c-7f0002de0b81", "value": "2018-01-31T16:41:29" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1518185653", "uuid": "f2c6fa6f-7d6b-407a-8e98-3a0e9bcea365", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1518185653", "to_ids": false, "type": "link", "uuid": "5a7dacb5-5a14-45a2-8173-7f0002de0b81", "value": "https://www.virustotal.com/file/b556c04c768d57af104716386fe4f23b01aa9d707cbc60385895e2b4fc08c9b0/analysis/1514646306/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": 
"1518185653", "to_ids": false, "type": "text", "uuid": "5a7dacb5-5968-4307-821f-7f0002de0b81", "value": "31/59" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1518185654", "to_ids": false, "type": "datetime", "uuid": "5a7dacb6-050c-4529-bf24-7f0002de0b81", "value": "2017-12-30T15:05:06" } ] } ] } }