{ "Event": { "analysis": "2", "date": "2018-09-09", "extends_uuid": "", "info": "OSINT - Multi-exploit IoT/Linux Botnets Mirai and Gafgyt Target Apache Struts, SonicWall", "publish_timestamp": "1536846519", "published": true, "threat_level_id": "3", "timestamp": "1536846498", "uuid": "5b991442-a9f0-4b5b-bc56-445f950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exploit Public-Facing Application - T1190\"", "relationship_type": "" }, { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" }, { "colour": "#22681c", "local": "0", "name": "malware_classification:malware-category=\"Botnet\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:botnet=\"Mirai\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:tool=\"Mirai\"", "relationship_type": "" }, { "colour": "#0da800", "local": "0", "name": "misp-galaxy:tool=\"Gafgyt\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:botnet=\"Gafgyt\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1536758878", "to_ids": false, "type": "link", "uuid": "5b991454-051c-4bd8-a0bd-4e4a950d210f", "value": "https://researchcenter.paloaltonetworks.com/2018/09/unit42-multi-exploit-iotlinux-botnets-mirai-gafgyt-target-apache-struts-sonicwall/", "Tag": [ { "colour": "#00223b", "local": "0", "name": "osint:source-type=\"blog-post\"", "relationship_type": "" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1536758905", "to_ids": false, "type": "text", "uuid": "5b991479-1434-4a91-9224-493c950d210f", "value": "Unit 42 has uncovered new variants of the well-known IoT botnets Mirai and Gafgyt. 
These are the IoT botnets associated with unprecedented Distributed Denial of Service attacks in November 2016 and since.\r\n\r\nThese variants are notable for two reasons:\r\n\r\n The new Mirai version targets the same Apache Struts vulnerability associated with the Equifax data breach in 2017.\r\n The new Gafgyt version targets a newly disclosed vulnerability affecting older, unsupported versions of SonicWall\u2019s Global Management System (GMS).\r\n\r\nThese developments suggest these IoT botnets are increasingly targeting enterprise devices with outdated versions.\r\n\r\nAll organizations should ensure they keep not only their systems up-to-date and patched, but also their IoT devices. For Palo Alto Networks customers, WildFire detects all related samples with malicious verdicts. Additional protections are noted in the conclusion below." }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1536825257", "to_ids": true, "type": "hostname", "uuid": "5b9a17a9-46f4-4829-a645-41bb950d210f", "value": "l.ocalhost.host" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1536825258", "to_ids": true, "type": "ip-dst", "uuid": "5b9a17aa-17d8-479d-a049-4e2d950d210f", "value": "185.10.68.213" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1536825258", "to_ids": true, "type": "ip-dst", "uuid": "5b9a17aa-4d98-4ac5-8764-42f4950d210f", "value": "185.10.68.127" } ], "Object": [ { "comment": "Sample with Apache Struts exploit CVE-2017-5638", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "14", "timestamp": "1536822608", "uuid": "5b9a0d50-ad90-4793-b2d8-41d2950d210f", "Attribute": [ { "category": "Payload delivery", 
"comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1536822608", "to_ids": true, "type": "sha256", "uuid": "5b9a0d50-0db8-4b6b-9701-4a98950d210f", "value": "d6648a36f55d6b8ffd034df7d04156d31411719ce9bc28e6d30c8427feacb397" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1536822609", "to_ids": false, "type": "text", "uuid": "5b9a0d51-6454-44e9-9ddf-42f2950d210f", "value": "Malicious" } ] }, { "comment": "Sample with Apache Struts exploit CVE-2017-5638", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "14", "timestamp": "1536823728", "uuid": "5b9a11b0-9f94-4354-a268-43aa950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1536823728", "to_ids": true, "type": "sha256", "uuid": "5b9a11b0-b558-4b1a-9eca-437a950d210f", "value": "710d56a90b5f61c7ae82fcf305d23d48476e4f237ffff9d68b961171f168f255" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1536823729", "to_ids": false, "type": "text", "uuid": "5b9a11b1-3b64-466e-ba0e-47d1950d210f", "value": "Malicious" } ] }, { "comment": "Sample with Apache Struts exploit CVE-2017-5638", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "14", "timestamp": "1536823741", "uuid": "5b9a11bd-ec9c-4b8b-97d3-4f7a950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1536823741", "to_ids": true, 
"type": "sha256", "uuid": "5b9a11bd-79d8-480d-bbbf-45a1950d210f", "value": "52274c46933c20aaf64fd4c11557143fcfdc76eef192743fafd1b3a8bed3f4d2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1536823742", "to_ids": false, "type": "text", "uuid": "5b9a11be-ddd0-4b74-913f-4d85950d210f", "value": "Malicious" } ] }, { "comment": "Sample with Apache Struts exploit CVE-2017-5638", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "14", "timestamp": "1536823782", "uuid": "5b9a11e6-9cdc-41f5-98f9-4912950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1536823782", "to_ids": true, "type": "sha256", "uuid": "5b9a11e6-aa50-4ec0-95f1-4b81950d210f", "value": "078eef70d754e9b64bc783f085846a2e8ae419653a79ed2386c4ade86fde68cb" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1536823782", "to_ids": false, "type": "text", "uuid": "5b9a11e6-e3b0-4e5c-abd3-4be2950d210f", "value": "Malicious" } ] }, { "comment": "Sample with Apache Struts exploit CVE-2017-5638", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "14", "timestamp": "1536823792", "uuid": "5b9a11f0-9c10-492e-9b51-4257950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1536823793", "to_ids": true, "type": "sha256", "uuid": "5b9a11f1-36f4-48c9-977b-4ac3950d210f", "value": "ef090093496ccdab506848166a07554bfa74eb98a0546171b84fc73861f67c79" 
}, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1536823793", "to_ids": false, "type": "text", "uuid": "5b9a11f1-5490-47fa-8ab2-4432950d210f", "value": "Malicious" } ] }, { "comment": "Sample with Apache Struts exploit CVE-2017-5638", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "14", "timestamp": "1536823880", "uuid": "5b9a1248-1f28-48ac-be89-45c3950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1536823880", "to_ids": true, "type": "sha256", "uuid": "5b9a1248-3270-4c9b-8fcd-416c950d210f", "value": "49cdb537f5e4081362545532a623f597212c8cea847cf9f2b2f1fe1f3cd0ec2f" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1536823881", "to_ids": false, "type": "text", "uuid": "5b9a1249-5474-4476-995f-4d90950d210f", "value": "Malicious" } ] }, { "comment": "Sample with Apache Struts exploit CVE-2017-5638", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "14", "timestamp": "1536823902", "uuid": "5b9a125e-9f20-423b-b45f-4054950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1536823902", "to_ids": true, "type": "sha256", "uuid": "5b9a125e-5db4-4f91-9f4d-441d950d210f", "value": "99c22a0c0e252ab123fb3167f49d94dc12960b79565ca6dfd28f2ff5b0346348" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": 
"1536823903", "to_ids": false, "type": "text", "uuid": "5b9a125f-e0a0-44d7-a2f0-48bb950d210f", "value": "Malicious" } ] }, { "comment": "Sample with Apache Struts exploit CVE-2017-5638", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "14", "timestamp": "1536823929", "uuid": "5b9a1279-20f4-4f5e-b2dc-48ca950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1536823929", "to_ids": true, "type": "sha256", "uuid": "5b9a1279-dee0-4810-8cd3-4f08950d210f", "value": "ae2354a5d8b84fb6ea6fc4b9ca3060959d5c0c77684cd2100731df2a3c7a204e" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1536823929", "to_ids": false, "type": "text", "uuid": "5b9a1279-b380-44a6-9c25-4416950d210f", "value": "Malicious" } ] }, { "comment": "Sample with Apache Struts exploit CVE-2017-5638", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "14", "timestamp": "1536823944", "uuid": "5b9a1288-1af0-4da4-8f3a-447b950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1536823944", "to_ids": true, "type": "sha256", "uuid": "5b9a1288-c088-4c25-9f23-493d950d210f", "value": "1913cf8e65114136cc309e72c384b717f0aeaaeae0c040188648c4afebce1669" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1536823944", "to_ids": false, "type": "text", "uuid": "5b9a1288-e790-4d03-a460-4cbd950d210f", "value": "Malicious" } ] }, { "comment": 
"Sample with Sonicwall GMS exploit CVE-2018-9866", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "14", "timestamp": "1536824082", "uuid": "5b9a1312-b374-493c-986d-49bd950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1536824082", "to_ids": true, "type": "sha256", "uuid": "5b9a1312-6d54-4e1a-be43-4413950d210f", "value": "1814c010f5e7391c7ea38850f9caf0771866e315f8d0c58c563818e71d30c208" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1536824083", "to_ids": false, "type": "text", "uuid": "5b9a1313-1324-49af-b8e0-49a2950d210f", "value": "Malicious" } ] }, { "comment": "Sample with Sonicwall GMS exploit CVE-2018-9866", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "14", "timestamp": "1536824095", "uuid": "5b9a131f-bec4-4d20-baea-4929950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1536824095", "to_ids": true, "type": "sha256", "uuid": "5b9a131f-2c54-4fb5-90ec-417b950d210f", "value": "29540468514cd48b6c2571722018dffb49d12f99c95b248a44a1455fff01acfb" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1536824096", "to_ids": false, "type": "text", "uuid": "5b9a1320-889c-4393-b901-4e2c950d210f", "value": "Malicious" } ] }, { "comment": "Sample with Sonicwall GMS exploit CVE-2018-9866", "deleted": false, "description": "File object describing a file with meta-information", 
"meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "14", "timestamp": "1536824115", "uuid": "5b9a1333-b508-45d9-9896-4e23950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1536824115", "to_ids": true, "type": "sha256", "uuid": "5b9a1333-0614-4a15-af26-42b0950d210f", "value": "39891a1c13e4e6ec9de410201f697d23c05e83a29ec0010c6c62c6829386e6a6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1536824116", "to_ids": false, "type": "text", "uuid": "5b9a1334-4ce4-4227-bd39-4d87950d210f", "value": "Malicious" } ] }, { "comment": "Sample with Sonicwall GMS exploit CVE-2018-9866", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "14", "timestamp": "1536824134", "uuid": "5b9a1346-5384-4908-a5a8-4df7950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1536824134", "to_ids": true, "type": "sha256", "uuid": "5b9a1346-43dc-4f32-ad9d-4ba6950d210f", "value": "596270e91ccee3ec04a552bafde586af127ecac7141852edb9707ac6c4779a99" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1536824134", "to_ids": false, "type": "text", "uuid": "5b9a1346-cb84-4b0b-b65c-4f66950d210f", "value": "Malicious" } ] }, { "comment": "Sample with Sonicwall GMS exploit CVE-2018-9866", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "14", "timestamp": 
"1536824538", "uuid": "5b9a14da-00bc-4f8c-92b4-4c86950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1536824538", "to_ids": true, "type": "sha256", "uuid": "5b9a14da-eb80-4afc-9d19-40c6950d210f", "value": "68b27935c7d064478339f7d95b57ff06ffa1efbd81009b4a2870c5cf3e0b0b35" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1536824538", "to_ids": false, "type": "text", "uuid": "5b9a14da-3c20-4dc5-b52c-4d69950d210f", "value": "Malicious" } ] }, { "comment": "Sample with Sonicwall GMS exploit CVE-2018-9866", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "14", "timestamp": "1536824553", "uuid": "5b9a14e9-221c-4e02-b682-4575950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1536824553", "to_ids": true, "type": "sha256", "uuid": "5b9a14e9-da78-4529-9f86-4a12950d210f", "value": "92a4c6ae034c3a03c21b74bdc00264192e60a85deedd90b99a3e350758eb85c1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1536824554", "to_ids": false, "type": "text", "uuid": "5b9a14ea-0698-430d-9436-4d6d950d210f", "value": "Malicious" } ] }, { "comment": "Sample with Sonicwall GMS exploit CVE-2018-9866", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "14", "timestamp": "1536824577", "uuid": "5b9a1501-cc14-4764-bf87-46cc950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": 
false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1536824577", "to_ids": true, "type": "sha256", "uuid": "5b9a1501-db4c-4d2d-9b05-435e950d210f", "value": "aab0ec600cdf57f28f9480ff3a9d3547f699af005c015b74c5c9e39a992570b6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1536824578", "to_ids": false, "type": "text", "uuid": "5b9a1502-0664-409b-b961-484c950d210f", "value": "Malicious" } ] }, { "comment": "Sample with Sonicwall GMS exploit CVE-2018-9866", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "14", "timestamp": "1536824594", "uuid": "5b9a1512-a77c-4500-a8c9-4481950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1536824594", "to_ids": true, "type": "sha256", "uuid": "5b9a1512-8a84-4014-b818-457a950d210f", "value": "d8fbf6d68993045b4840729c788665ab10c50c42b27246a290031664f3b956eb" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1536824594", "to_ids": false, "type": "text", "uuid": "5b9a1512-c694-48d1-be93-4469950d210f", "value": "Malicious" } ] }, { "comment": "Sample with Sonicwall GMS exploit CVE-2018-9866", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "14", "timestamp": "1536824615", "uuid": "5b9a1527-6be8-4405-8242-44f9950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1536824615", "to_ids": true, "type": "sha256", "uuid": 
"5b9a1527-0a18-425a-97aa-4cbf950d210f", "value": "dafe1b513183902692c8ba8b2a95fede7c13937e49bf21294de448df05edff18" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1536824615", "to_ids": false, "type": "text", "uuid": "5b9a1527-8484-4667-9898-43d3950d210f", "value": "Malicious" } ] }, { "comment": "Sample with Sonicwall GMS exploit CVE-2018-9866", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "14", "timestamp": "1536824628", "uuid": "5b9a1534-31f8-4c5b-9d0b-4dc8950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1536824628", "to_ids": true, "type": "sha256", "uuid": "5b9a1534-62e0-43ad-90c8-4ea9950d210f", "value": "f89d742c4d3312ac9bd707a9135235482c554e369cb646dcd97f6a14b4210136" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1536824628", "to_ids": false, "type": "text", "uuid": "5b9a1534-b130-4a35-9437-447e950d210f", "value": "Malicious" } ] }, { "comment": "Sample with Sonicwall GMS exploit CVE-2018-9866", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "14", "timestamp": "1536824641", "uuid": "5b9a1541-1924-4272-80b3-4240950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1536824641", "to_ids": true, "type": "sha256", "uuid": "5b9a1541-5ee0-45cb-a0bf-453c950d210f", "value": "fab034d705b3ad7a10101858daf5da93a88f8bfd509dee9b8072678b27290ed3" }, { "category": "Other", 
"comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1536824642", "to_ids": false, "type": "text", "uuid": "5b9a1542-12ec-40f5-891e-41a5950d210f", "value": "Malicious" } ] }, { "comment": "", "deleted": false, "description": "Vulnerability object describing a common vulnerability enumeration which can describe published, unpublished, under review or embargo vulnerability for software, equipments or hardware.", "meta-category": "vulnerability", "name": "vulnerability", "template_uuid": "81650945-f186-437b-8945-9f31715d32da", "template_version": "5", "timestamp": "1536833646", "uuid": "5b9a386e-b6e4-47be-8342-4230950d210f", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "cvss-score", "timestamp": "1536833646", "to_ids": false, "type": "float", "uuid": "5b9a386e-e358-4e72-b737-4437950d210f", "value": "10" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "references", "timestamp": "1536833646", "to_ids": false, "type": "link", "uuid": "5b9a386e-1350-4e96-9d52-4468950d210f", "value": "https://cve.circl.lu/cve/CVE-2017-5638" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "references", "timestamp": "1536833646", "to_ids": false, "type": "link", "uuid": "5b9a386e-1078-423f-bf71-4ac2950d210f", "value": "http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "references", "timestamp": "1536833647", "to_ids": false, "type": "link", "uuid": "5b9a386f-d6ec-4e6c-89ee-4fb4950d210f", "value": "http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/" }, { "category": "External analysis", "comment": "", "deleted": false, 
"disable_correlation": false, "object_relation": "references", "timestamp": "1536833647", "to_ids": false, "type": "link", "uuid": "5b9a386f-3c84-45e2-b0d8-4f7b950d210f", "value": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "references", "timestamp": "1536833648", "to_ids": false, "type": "link", "uuid": "5b9a3870-610c-4c63-a2a4-4e0b950d210f", "value": "http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "references", "timestamp": "1536833648", "to_ids": false, "type": "link", "uuid": "5b9a3870-1788-4488-8fe5-42d2950d210f", "value": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1536833649", "to_ids": false, "type": "text", "uuid": "5b9a3871-c88c-491f-abdc-4e9d950d210f", "value": "Published" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "published", "timestamp": "1536833649", "to_ids": false, "type": "datetime", "uuid": "5b9a3871-1048-497a-82ab-449b950d210f", "value": "2017-10-03T21:59:00" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "summary", "timestamp": "1536833649", "to_ids": false, "type": "text", "uuid": "5b9a3871-689c-4183-8c14-421c950d210f", "value": "The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild 
in March 2017 with a Content-Type header containing a #cmd= string." }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "modified", "timestamp": "1536833649", "to_ids": false, "type": "datetime", "uuid": "5b9a3871-4350-449d-82f5-4062950d210f", "value": "2018-03-03T21:29:00" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "id", "timestamp": "1536833649", "to_ids": false, "type": "text", "uuid": "5b9a3871-b3f4-4491-b702-4741950d210f", "value": "CVE-2017-5638" } ] }, { "comment": "", "deleted": false, "description": "Vulnerability object describing a common vulnerability enumeration which can describe published, unpublished, under review or embargo vulnerability for software, equipments or hardware.", "meta-category": "vulnerability", "name": "vulnerability", "template_uuid": "81650945-f186-437b-8945-9f31715d32da", "template_version": "5", "timestamp": "1536833922", "uuid": "5b9a3982-b92c-4520-9b89-4a5c950d210f", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1536833922", "to_ids": false, "type": "text", "uuid": "5b9a3982-05b4-4540-8e31-4e43950d210f", "value": "Published" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "published", "timestamp": "1536833922", "to_ids": false, "type": "datetime", "uuid": "5b9a3982-8998-4f86-af94-4d10950d210f", "value": "2018-03-08T16:29:00" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "summary", "timestamp": "1536833922", "to_ids": false, "type": "text", "uuid": "5b9a3982-a884-4721-9937-4d5d950d210f", "value": "A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance's, allow remote user to execute arbitrary code. 
This vulnerability affected GMS version 8.1 and earlier." }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "modified", "timestamp": "1536833923", "to_ids": false, "type": "datetime", "uuid": "5b9a3983-6dc0-48ed-9a27-458b950d210f", "value": "2018-03-08T16:29:00" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "id", "timestamp": "1536833923", "to_ids": false, "type": "text", "uuid": "5b9a3983-167c-41c6-acf7-4400950d210f", "value": "CVE-2018-9866" } ] }, { "comment": "", "deleted": false, "description": "Vulnerability object describing a common vulnerability enumeration which can describe published, unpublished, under review or embargo vulnerability for software, equipments or hardware.", "meta-category": "vulnerability", "name": "vulnerability", "template_uuid": "81650945-f186-437b-8945-9f31715d32da", "template_version": "5", "timestamp": "1536834106", "uuid": "5b9a3a3a-ed68-4f01-9808-438e950d210f", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "cvss-score", "timestamp": "1536834106", "to_ids": false, "type": "float", "uuid": "5b9a3a3a-0680-4ff7-9864-44b3950d210f", "value": "9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1536834106", "to_ids": false, "type": "text", "uuid": "5b9a3a3a-e6f8-4526-9510-458a950d210f", "value": "Published" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "published", "timestamp": "1536834106", "to_ids": false, "type": "datetime", "uuid": "5b9a3a3a-988c-42ad-a2d1-40e6950d210f", "value": "2017-06-04T13:59:00" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "summary", "timestamp": "1536834106", "to_ids": false, "type": "text", "uuid": 
"5b9a3a3a-e830-4160-83b5-47bf950d210f", "value": "A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. The vulnerability is located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute arbitrary commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI." }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "id", "timestamp": "1536834107", "to_ids": false, "type": "text", "uuid": "5b9a3a3b-5c5c-4efb-bdda-4d76950d210f", "value": "CVE-2017-6884" } ] }, { "comment": "", "deleted": false, "description": "Vulnerability object describing a common vulnerability enumeration which can describe published, unpublished, under review or embargo vulnerability for software, equipments or hardware.", "meta-category": "vulnerability", "name": "vulnerability", "template_uuid": "81650945-f186-437b-8945-9f31715d32da", "template_version": "5", "timestamp": "1536834355", "uuid": "5b9a3b33-9c4c-4549-b0e2-4c6e950d210f", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "cvss-score", "timestamp": "1536834355", "to_ids": false, "type": "float", "uuid": "5b9a3b33-fc98-4233-991b-4db5950d210f", "value": "6.5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1536834355", "to_ids": false, "type": "text", "uuid": "5b9a3b33-ac5c-4c93-aaf1-4416950d210f", "value": "Published" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "published", "timestamp": "1536834355", "to_ids": false, "type": "datetime", "uuid": "5b9a3b33-febc-418d-b535-4ccd950d210f", "value": "2018-03-20T11:29:00" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, 
"object_relation": "summary", "timestamp": "1536834355", "to_ids": false, "type": "text", "uuid": "5b9a3b33-ed9c-4f5c-971a-4853950d210f", "value": "Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code." }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "modified", "timestamp": "1536834356", "to_ids": false, "type": "datetime", "uuid": "5b9a3b34-80a8-4946-910c-4e65950d210f", "value": "2018-04-19T11:04:00" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "id", "timestamp": "1536834356", "to_ids": false, "type": "text", "uuid": "5b9a3b34-7378-4f86-9184-475d950d210f", "value": "CVE-2017-17215" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1536845807", "uuid": "c9655c57-1760-44de-8ccc-7029b572eae9", "ObjectReference": [ { "comment": "", "object_uuid": "c9655c57-1760-44de-8ccc-7029b572eae9", "referenced_uuid": "09f198df-da65-491a-b0aa-b776a71ebd10", "relationship_type": "analysed-with", "timestamp": "1536845855", "uuid": "5b9a681f-037c-4f9d-aab3-5c7502de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1536845804", "to_ids": true, "type": "md5", "uuid": "3378cba9-9cff-462b-a2fb-16d88106cd44", "value": "e0b32c133cedca69b05dd3a9dd6e1910" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1536845804", "to_ids": true, "type": "sha1", "uuid": 
"540546b5-0c1f-4a0e-a6e8-e5aeae9e1401", "value": "ff7c182fb460d62195d1bae8c394b2e81182defe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1536845805", "to_ids": true, "type": "sha256", "uuid": "2637b721-0f72-4059-b3d5-a9f964620c94", "value": "710d56a90b5f61c7ae82fcf305d23d48476e4f237ffff9d68b961171f168f255" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1536845805", "uuid": "09f198df-da65-491a-b0aa-b776a71ebd10", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1536845805", "to_ids": false, "type": "datetime", "uuid": "cbaa39a5-ae89-497b-ba65-0901ebe6762b", "value": "2018-09-13T01:25:45" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1536845806", "to_ids": false, "type": "link", "uuid": "279a4f6c-0ce4-4d69-9af0-dc6b013928db", "value": "https://www.virustotal.com/file/710d56a90b5f61c7ae82fcf305d23d48476e4f237ffff9d68b961171f168f255/analysis/1536801945/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1536845806", "to_ids": false, "type": "text", "uuid": "75778552-b07e-4f8b-85bf-eaaeee5be422", "value": "25/58" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1536845809", "uuid": "85dcb3db-5f44-45ce-91ed-474e10a184ce", "ObjectReference": [ { "comment": "", "object_uuid": 
"85dcb3db-5f44-45ce-91ed-474e10a184ce", "referenced_uuid": "2f799c8d-3791-4020-8203-8f673107e71a", "relationship_type": "analysed-with", "timestamp": "1536845855", "uuid": "5b9a681f-1a7c-4ad1-8d8a-5c7502de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1536845806", "to_ids": true, "type": "md5", "uuid": "4e7903a9-92c8-47c5-bc50-e35e4e294668", "value": "6a77f21e15a0a4763e86d166763dbd05" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1536845807", "to_ids": true, "type": "sha1", "uuid": "ae854bd2-75aa-4a31-8334-48e3ef021b9e", "value": "a4a4d892d04f516261c2fa4c56de3ff21afd2812" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1536845807", "to_ids": true, "type": "sha256", "uuid": "6db1af42-756d-445d-a7bf-a34f5cc20c27", "value": "29540468514cd48b6c2571722018dffb49d12f99c95b248a44a1455fff01acfb" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1536845807", "uuid": "2f799c8d-3791-4020-8203-8f673107e71a", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1536845807", "to_ids": false, "type": "datetime", "uuid": "ea58763f-c5f9-4765-a316-a8ee71d3fccd", "value": "2018-09-13T01:25:59" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1536845808", "to_ids": false, "type": "link", "uuid": "c949938e-0e64-43e0-944a-40a3b391d0aa", "value": 
"https://www.virustotal.com/file/29540468514cd48b6c2571722018dffb49d12f99c95b248a44a1455fff01acfb/analysis/1536801959/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1536845808", "to_ids": false, "type": "text", "uuid": "70c9ab68-2528-495d-a5a8-78d179b63a00", "value": "23/58" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1536845811", "uuid": "5892a64f-3a60-4d35-b243-5b5ee982d5aa", "ObjectReference": [ { "comment": "", "object_uuid": "5892a64f-3a60-4d35-b243-5b5ee982d5aa", "referenced_uuid": "c0c775a5-3da7-4a09-b2b3-401164eadeb0", "relationship_type": "analysed-with", "timestamp": "1536845855", "uuid": "5b9a681f-3160-4615-8588-5c7502de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1536845808", "to_ids": true, "type": "md5", "uuid": "5902a53a-8b91-4d34-87e6-3d814dbc3d8a", "value": "1998b2f489c4da5ecafe7fb5cc790575" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1536845809", "to_ids": true, "type": "sha1", "uuid": "8fc67189-522c-4946-9e14-62c0a08badf6", "value": "13c72eb4c783b74046aeb53f50173eccfb64c7ca" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1536845809", "to_ids": true, "type": "sha256", "uuid": "af98ef0d-bb40-4d07-a09c-f2bae9f9c7d4", "value": "ef090093496ccdab506848166a07554bfa74eb98a0546171b84fc73861f67c79" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": 
"d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1536845810", "uuid": "c0c775a5-3da7-4a09-b2b3-401164eadeb0", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1536845810", "to_ids": false, "type": "datetime", "uuid": "1144ae7f-5675-47d6-97f0-df298c23cbb1", "value": "2018-09-11T06:12:03" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1536845810", "to_ids": false, "type": "link", "uuid": "c4d12609-ad7a-4cff-8bb6-259c956faaf7", "value": "https://www.virustotal.com/file/ef090093496ccdab506848166a07554bfa74eb98a0546171b84fc73861f67c79/analysis/1536646323/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1536845811", "to_ids": false, "type": "text", "uuid": "bb80ca2b-f4ce-47e0-949f-c3b0b611c005", "value": "23/59" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1536845814", "uuid": "b8d711a9-9a6e-4659-b9b2-b42dc5fb64bd", "ObjectReference": [ { "comment": "", "object_uuid": "b8d711a9-9a6e-4659-b9b2-b42dc5fb64bd", "referenced_uuid": "526f5584-f6ca-47e3-9fa6-94a38edeac72", "relationship_type": "analysed-with", "timestamp": "1536845855", "uuid": "5b9a681f-8a08-43ef-ae78-5c7502de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1536845811", "to_ids": true, "type": "md5", "uuid": "f7ca2d2f-1a83-40d1-9a30-5b260fcc9677", "value": "218821892d5d5e460101d6914cfe2a3d" }, { "category": "Payload delivery", "comment": "", "deleted": false, 
"disable_correlation": false, "object_relation": "sha1", "timestamp": "1536845811", "to_ids": true, "type": "sha1", "uuid": "017ab2ad-762b-4938-899c-fb88e0fbdf3f", "value": "1da48a03224df6397f2215cd6b79308dbda7cf86" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1536845812", "to_ids": true, "type": "sha256", "uuid": "16bdec95-3785-4f1c-90fd-fcbadfb1d962", "value": "dafe1b513183902692c8ba8b2a95fede7c13937e49bf21294de448df05edff18" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1536845812", "uuid": "526f5584-f6ca-47e3-9fa6-94a38edeac72", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1536845812", "to_ids": false, "type": "datetime", "uuid": "db64872a-34a9-4bf5-adf4-a6aaa45cf956", "value": "2018-09-10T14:18:14" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1536845813", "to_ids": false, "type": "link", "uuid": "0a9bcc4e-e99a-4e38-9585-e27415770029", "value": "https://www.virustotal.com/file/dafe1b513183902692c8ba8b2a95fede7c13937e49bf21294de448df05edff18/analysis/1536589094/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1536845813", "to_ids": false, "type": "text", "uuid": "84e65e5c-1e5f-41ac-93c2-97f15f9a571d", "value": "16/59" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1536845816", "uuid": 
"3bd19fac-4ad2-4d33-b023-7359e714c116", "ObjectReference": [ { "comment": "", "object_uuid": "3bd19fac-4ad2-4d33-b023-7359e714c116", "referenced_uuid": "c28acd19-e6ca-4fa4-a444-c884b75c7a0a", "relationship_type": "analysed-with", "timestamp": "1536845855", "uuid": "5b9a681f-df90-48f5-ab5d-5c7502de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1536845813", "to_ids": true, "type": "md5", "uuid": "5211272c-e45a-4e2a-b7d7-f44dd3a97f2f", "value": "3df581337af37f4e66be5026062dcfb2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1536845814", "to_ids": true, "type": "sha1", "uuid": "02a982dc-3132-4fb9-a438-135834d82ad2", "value": "61116e2b1614cebeed29b489d699f4bbcf217fa3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1536845814", "to_ids": true, "type": "sha256", "uuid": "8318d0ed-0a8b-41fa-bf98-d3bf3def789a", "value": "52274c46933c20aaf64fd4c11557143fcfdc76eef192743fafd1b3a8bed3f4d2" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1536845814", "uuid": "c28acd19-e6ca-4fa4-a444-c884b75c7a0a", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1536845815", "to_ids": false, "type": "datetime", "uuid": "43e8d1b7-22fd-4ab9-899c-4473ad895757", "value": "2018-09-13T07:59:15" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1536845815", "to_ids": false, "type": "link", "uuid": 
"01ffe445-591f-4e55-bcb0-8bfbaebf687f", "value": "https://www.virustotal.com/file/52274c46933c20aaf64fd4c11557143fcfdc76eef192743fafd1b3a8bed3f4d2/analysis/1536825555/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1536845815", "to_ids": false, "type": "text", "uuid": "5c91c16b-b4f8-4c3a-b62b-236a1c911f46", "value": "20/57" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1536845818", "uuid": "832a413e-bc2f-47a6-b913-d9ae101ea8d0", "ObjectReference": [ { "comment": "", "object_uuid": "832a413e-bc2f-47a6-b913-d9ae101ea8d0", "referenced_uuid": "ef7a87c9-d339-48a4-a939-93db4c14e085", "relationship_type": "analysed-with", "timestamp": "1536845855", "uuid": "5b9a681f-12b8-4ada-8011-5c7502de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1536845816", "to_ids": true, "type": "md5", "uuid": "a1f0d49e-6e68-4c08-be68-f320a0713a8b", "value": "9387e4ce5b53ee19af2dafcf8c5aedd1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1536845816", "to_ids": true, "type": "sha1", "uuid": "406ab928-a441-477a-bed1-6d133db49dd0", "value": "8588546bc5ca10137fc6d2268085a2173a7638c8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1536845816", "to_ids": true, "type": "sha256", "uuid": "4312d2cd-6746-47c2-8402-dc367651e19d", "value": "ae2354a5d8b84fb6ea6fc4b9ca3060959d5c0c77684cd2100731df2a3c7a204e" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": 
"virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1536845817", "uuid": "ef7a87c9-d339-48a4-a939-93db4c14e085", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1536845817", "to_ids": false, "type": "datetime", "uuid": "ceb2089f-f043-4d4b-84b0-744285914f35", "value": "2018-09-10T14:15:40" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1536845817", "to_ids": false, "type": "link", "uuid": "54a8e308-a2f0-4e97-9ecf-ca11a4f431a0", "value": "https://www.virustotal.com/file/ae2354a5d8b84fb6ea6fc4b9ca3060959d5c0c77684cd2100731df2a3c7a204e/analysis/1536588940/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1536845818", "to_ids": false, "type": "text", "uuid": "8387e690-d923-4f33-8cde-768ab505083f", "value": "18/57" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1536845821", "uuid": "fd8a9a4d-bf88-4db4-b070-cda698f7e250", "ObjectReference": [ { "comment": "", "object_uuid": "fd8a9a4d-bf88-4db4-b070-cda698f7e250", "referenced_uuid": "24952aa6-ab94-4152-af25-3437ccf8a6d4", "relationship_type": "analysed-with", "timestamp": "1536845855", "uuid": "5b9a681f-826c-45ed-955a-5c7502de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1536845818", "to_ids": true, "type": "md5", "uuid": "16038725-6ef8-4d9f-bb2d-98553f5a539c", "value": "75cbd3709696219b94d1355349348e84" }, { "category": "Payload delivery", "comment": 
"", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1536845818", "to_ids": true, "type": "sha1", "uuid": "37f92afb-75b9-4004-8d82-f50e54f1c7bb", "value": "3a9a06a2f2efdf1fed10793fa7220730bc315af1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1536845819", "to_ids": true, "type": "sha256", "uuid": "2591a4c7-8eb8-420c-b803-6ccb85927671", "value": "49cdb537f5e4081362545532a623f597212c8cea847cf9f2b2f1fe1f3cd0ec2f" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1536845819", "uuid": "24952aa6-ab94-4152-af25-3437ccf8a6d4", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1536845819", "to_ids": false, "type": "datetime", "uuid": "69f9765e-d423-4a90-b910-952b150e503e", "value": "2018-09-13T01:26:10" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1536845820", "to_ids": false, "type": "link", "uuid": "740f1058-5283-4224-8dc0-44d8a81a9214", "value": "https://www.virustotal.com/file/49cdb537f5e4081362545532a623f597212c8cea847cf9f2b2f1fe1f3cd0ec2f/analysis/1536801970/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1536845822", "to_ids": false, "type": "text", "uuid": "1c63801e-198c-46e3-9eb9-df05d0b1e755", "value": "22/57" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": 
"1536845825", "uuid": "8eff451c-0576-4361-b4a7-a4e2f7949bd5", "ObjectReference": [ { "comment": "", "object_uuid": "8eff451c-0576-4361-b4a7-a4e2f7949bd5", "referenced_uuid": "5f60eec5-1e31-47a7-a572-3c69ff9cbd7d", "relationship_type": "analysed-with", "timestamp": "1536845855", "uuid": "5b9a681f-f9f0-4ea6-8209-5c7502de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1536845822", "to_ids": true, "type": "md5", "uuid": "23052521-d9d0-4f1f-ae41-c7bc85337cef", "value": "af525f736a3d31837e16575136752d2b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1536845822", "to_ids": true, "type": "sha1", "uuid": "f74635f9-c8e6-4bb6-8405-315bf7fc8b0f", "value": "adde5df82821d40c8821452f38704dc70f378eb9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1536845823", "to_ids": true, "type": "sha256", "uuid": "c2db3508-7027-4206-bf7d-790d0de1639d", "value": "68b27935c7d064478339f7d95b57ff06ffa1efbd81009b4a2870c5cf3e0b0b35" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1536845823", "uuid": "5f60eec5-1e31-47a7-a572-3c69ff9cbd7d", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1536845823", "to_ids": false, "type": "datetime", "uuid": "b91a61f5-ebae-4f5e-9556-0f4f47bebc45", "value": "2018-09-11T06:00:17" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1536845824", "to_ids": false, "type": "link", "uuid": 
"b64fd84b-850e-4cf1-8608-0e345e8ebaec", "value": "https://www.virustotal.com/file/68b27935c7d064478339f7d95b57ff06ffa1efbd81009b4a2870c5cf3e0b0b35/analysis/1536645617/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1536845824", "to_ids": false, "type": "text", "uuid": "e1074a2c-3c90-45e1-aaed-fb41141987b3", "value": "25/59" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1536845827", "uuid": "b93e361e-6457-475a-8466-3229a898dd5d", "ObjectReference": [ { "comment": "", "object_uuid": "b93e361e-6457-475a-8466-3229a898dd5d", "referenced_uuid": "c0ada5f7-d274-4011-9a05-b1bdb2ebe146", "relationship_type": "analysed-with", "timestamp": "1536845855", "uuid": "5b9a681f-29f8-45cf-9a57-5c7502de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1536845824", "to_ids": true, "type": "md5", "uuid": "ef077428-fc14-4761-abd0-a949623e0601", "value": "6a6307b57a6baf33f9bf148b3fecd9a4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1536845825", "to_ids": true, "type": "sha1", "uuid": "fb23f52c-6c92-474e-bfe4-8cb86de4dd29", "value": "a6a3190afc1c87c98c3ba6b8c82c230b11a02565" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1536845825", "to_ids": true, "type": "sha256", "uuid": "fced4fb2-9e6c-44ce-a7f8-eebd108e22f0", "value": "f89d742c4d3312ac9bd707a9135235482c554e369cb646dcd97f6a14b4210136" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": 
"virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1536845827", "uuid": "c0ada5f7-d274-4011-9a05-b1bdb2ebe146", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1536845827", "to_ids": false, "type": "datetime", "uuid": "7431f176-47a0-4aeb-a93a-b5b8aaa3155d", "value": "2018-09-10T14:19:02" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1536845828", "to_ids": false, "type": "link", "uuid": "b9f2a194-9392-41fd-9849-9953d0b6a129", "value": "https://www.virustotal.com/file/f89d742c4d3312ac9bd707a9135235482c554e369cb646dcd97f6a14b4210136/analysis/1536589142/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1536845828", "to_ids": false, "type": "text", "uuid": "767f6eaf-08b2-4b5e-929c-9cd867b9bebe", "value": "16/59" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1536845831", "uuid": "5eddfb2f-6cc7-461f-b6ce-136882e44252", "ObjectReference": [ { "comment": "", "object_uuid": "5eddfb2f-6cc7-461f-b6ce-136882e44252", "referenced_uuid": "50f46239-1bfb-4c67-aa7d-37f5d327db89", "relationship_type": "analysed-with", "timestamp": "1536845855", "uuid": "5b9a681f-a2a8-4169-960b-5c7502de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1536845829", "to_ids": true, "type": "md5", "uuid": "c25f357d-4aad-4aba-a3b2-9a73d3c0e3a1", "value": "9bcf535899fe77d4f3c78f3bd9810e10" }, { "category": "Payload delivery", "comment": 
"", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1536845829", "to_ids": true, "type": "sha1", "uuid": "228aee38-f096-4d22-9f9b-32fbfe5f1bd8", "value": "0baafb0dc6ecefdda5c131e8128aa6ac698b7c1f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1536845829", "to_ids": true, "type": "sha256", "uuid": "7822ca46-7377-482b-b2e8-20c38e08bc48", "value": "d8fbf6d68993045b4840729c788665ab10c50c42b27246a290031664f3b956eb" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1536845830", "uuid": "50f46239-1bfb-4c67-aa7d-37f5d327db89", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1536845830", "to_ids": false, "type": "datetime", "uuid": "39767421-d6e6-4589-aedd-6988492548f7", "value": "2018-09-11T06:10:07" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1536845830", "to_ids": false, "type": "link", "uuid": "ecc5384b-1a99-472c-a1fa-79c3d4bdb50e", "value": "https://www.virustotal.com/file/d8fbf6d68993045b4840729c788665ab10c50c42b27246a290031664f3b956eb/analysis/1536646207/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1536845831", "to_ids": false, "type": "text", "uuid": "2f4bbc93-4fc7-4d0e-9471-159600402a6b", "value": "23/59" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": 
"1536845834", "uuid": "1409de38-3c59-48e4-bc96-95e5d351ba78", "ObjectReference": [ { "comment": "", "object_uuid": "1409de38-3c59-48e4-bc96-95e5d351ba78", "referenced_uuid": "8c3716af-2702-42c0-af1d-ffb02e2e5418", "relationship_type": "analysed-with", "timestamp": "1536845855", "uuid": "5b9a681f-fda8-45e8-8f7a-5c7502de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1536845831", "to_ids": true, "type": "md5", "uuid": "3f132559-afa7-45f8-b101-6f2407c1ea01", "value": "e407843bffcf913dfd4fa816b067c33c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1536845831", "to_ids": true, "type": "sha1", "uuid": "b857cd3e-3130-4d71-bf46-79022bfbfb97", "value": "b73865efa77e07a75eb3bdd24d95a92b301a0a74" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1536845832", "to_ids": true, "type": "sha256", "uuid": "6814140c-2867-4479-8a11-c5721c3fedc3", "value": "078eef70d754e9b64bc783f085846a2e8ae419653a79ed2386c4ade86fde68cb" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1536845832", "uuid": "8c3716af-2702-42c0-af1d-ffb02e2e5418", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1536845832", "to_ids": false, "type": "datetime", "uuid": "197fd2f8-187a-4dd4-827c-333abecba11e", "value": "2018-09-12T10:59:31" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1536845833", "to_ids": false, "type": "link", "uuid": 
"acd59703-f3e3-4fea-b989-174c2f4e44b4", "value": "https://www.virustotal.com/file/078eef70d754e9b64bc783f085846a2e8ae419653a79ed2386c4ade86fde68cb/analysis/1536749971/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1536845833", "to_ids": false, "type": "text", "uuid": "cb23a3ca-b153-4074-bb77-1007af2b3d1b", "value": "22/57" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1536845836", "uuid": "a85d42ef-debd-451d-815b-ff5467bd75b2", "ObjectReference": [ { "comment": "", "object_uuid": "a85d42ef-debd-451d-815b-ff5467bd75b2", "referenced_uuid": "17cf418e-64b5-41ec-922b-54d42d0ee510", "relationship_type": "analysed-with", "timestamp": "1536845855", "uuid": "5b9a681f-f358-469c-9909-5c7502de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1536845833", "to_ids": true, "type": "md5", "uuid": "5b674651-7ab2-438c-af65-1fbd085d57cd", "value": "b324726c2a526fd98b06145b557408f0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1536845834", "to_ids": true, "type": "sha1", "uuid": "dd387ce9-ca8b-4771-a574-dc8b145e8273", "value": "95e7b1213aa808678cd04cd1befdebba8b37ebf7" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1536845834", "to_ids": true, "type": "sha256", "uuid": "30047801-df88-48a4-9db1-cd5e7e2e0f8d", "value": "99c22a0c0e252ab123fb3167f49d94dc12960b79565ca6dfd28f2ff5b0346348" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": 
"virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1536845835", "uuid": "17cf418e-64b5-41ec-922b-54d42d0ee510", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1536845835", "to_ids": false, "type": "datetime", "uuid": "c43399fa-212e-4d49-b8e4-16b9c17a87ee", "value": "2018-09-11T07:55:29" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1536845835", "to_ids": false, "type": "link", "uuid": "3b6822a4-4f37-4f1e-91be-01b076bbbbff", "value": "https://www.virustotal.com/file/99c22a0c0e252ab123fb3167f49d94dc12960b79565ca6dfd28f2ff5b0346348/analysis/1536652529/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1536845836", "to_ids": false, "type": "text", "uuid": "ba72f04f-02a5-49e6-aa16-29dd0e33b163", "value": "23/59" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1536845839", "uuid": "f04ab39a-7beb-4615-b61f-b246d5530a1d", "ObjectReference": [ { "comment": "", "object_uuid": "f04ab39a-7beb-4615-b61f-b246d5530a1d", "referenced_uuid": "9b32fc2b-5313-4b24-b254-76b77752b779", "relationship_type": "analysed-with", "timestamp": "1536845855", "uuid": "5b9a681f-5948-4343-9d55-5c7502de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1536845836", "to_ids": true, "type": "md5", "uuid": "ed4d5241-3e22-41e0-b358-baab230c5cd3", "value": "6b33b5c8d7e57e3c1c674eb1ffaf2cb2" }, { "category": "Payload delivery", "comment": 
"", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1536845836", "to_ids": true, "type": "sha1", "uuid": "8bd13ed2-bcfe-47a1-b96c-8f7be1712bcf", "value": "8606fd59486682c5fe32e3b1d1df622922e734e8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1536845837", "to_ids": true, "type": "sha256", "uuid": "3edc73a1-1098-4602-a14d-ff55c548e11a", "value": "aab0ec600cdf57f28f9480ff3a9d3547f699af005c015b74c5c9e39a992570b6" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1536845837", "uuid": "9b32fc2b-5313-4b24-b254-76b77752b779", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1536845837", "to_ids": false, "type": "datetime", "uuid": "9aae846b-805c-430a-9fc3-855881423ded", "value": "2018-09-10T09:43:09" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1536845838", "to_ids": false, "type": "link", "uuid": "207f6dfe-b3ac-41ec-8363-228ac90d09c7", "value": "https://www.virustotal.com/file/aab0ec600cdf57f28f9480ff3a9d3547f699af005c015b74c5c9e39a992570b6/analysis/1536572589/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1536845838", "to_ids": false, "type": "text", "uuid": "0677f378-8f0c-4473-a74b-505cc2a6cad0", "value": "24/58" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": 
"1536845841", "uuid": "01a176a0-f1c1-4ead-8cc6-a657d617f57d", "ObjectReference": [ { "comment": "", "object_uuid": "01a176a0-f1c1-4ead-8cc6-a657d617f57d", "referenced_uuid": "499422cf-0c27-46f7-9926-fbabf396ce2f", "relationship_type": "analysed-with", "timestamp": "1536845855", "uuid": "5b9a681f-b830-4ca9-91da-5c7502de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1536845838", "to_ids": true, "type": "md5", "uuid": "6cc764a0-17d7-41b8-8f8e-f00b527fd538", "value": "d26bf0c4bef27196aae4b0b533877f16" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1536845839", "to_ids": true, "type": "sha1", "uuid": "85a983e4-cfa1-41d9-8380-b55d3a39a782", "value": "96575a020408a67d03d0058735090d601df2e1a8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1536845839", "to_ids": true, "type": "sha256", "uuid": "e1309772-7098-4488-b7f9-13cf48d42cb4", "value": "d6648a36f55d6b8ffd034df7d04156d31411719ce9bc28e6d30c8427feacb397" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1536845840", "uuid": "499422cf-0c27-46f7-9926-fbabf396ce2f", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1536845840", "to_ids": false, "type": "datetime", "uuid": "c75451f3-6f0d-436d-a3cf-f526d6f2b115", "value": "2018-09-10T13:23:05" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1536845840", "to_ids": false, "type": "link", "uuid": 
"9147ab65-176e-4e95-a4ae-1a21d12d51a9", "value": "https://www.virustotal.com/file/d6648a36f55d6b8ffd034df7d04156d31411719ce9bc28e6d30c8427feacb397/analysis/1536585785/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1536845840", "to_ids": false, "type": "text", "uuid": "034e3e61-12fc-4acf-8974-1301ef7d8113", "value": "19/60" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1536845843", "uuid": "11eb620d-cf54-4826-a5e1-cd47cf0c42c8", "ObjectReference": [ { "comment": "", "object_uuid": "11eb620d-cf54-4826-a5e1-cd47cf0c42c8", "referenced_uuid": "3a5d4ca6-6c1c-45c8-b969-f42e24018080", "relationship_type": "analysed-with", "timestamp": "1536845855", "uuid": "5b9a681f-14c0-4ec9-8e36-5c7502de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1536845841", "to_ids": true, "type": "md5", "uuid": "8c7dd80b-47b8-4abb-b9e1-3e6b147863d3", "value": "f8e0ec8a7c6629c2f206c2b8860ded3f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1536845841", "to_ids": true, "type": "sha1", "uuid": "514d9ac2-0c72-463d-a9d5-e9ef7a3d940e", "value": "9d00562ca754411b4158d4e0e953e486cc4b3886" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1536845841", "to_ids": true, "type": "sha256", "uuid": "2aa6e597-3ddf-4c44-bba5-584e62da9a95", "value": "596270e91ccee3ec04a552bafde586af127ecac7141852edb9707ac6c4779a99" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": 
"virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1536845842", "uuid": "3a5d4ca6-6c1c-45c8-b969-f42e24018080", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1536845842", "to_ids": false, "type": "datetime", "uuid": "f757360f-d424-412b-9e62-c6c4ef056a61", "value": "2018-09-11T05:10:56" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1536845842", "to_ids": false, "type": "link", "uuid": "164f4b29-d0f9-4c29-adde-2b124d558914", "value": "https://www.virustotal.com/file/596270e91ccee3ec04a552bafde586af127ecac7141852edb9707ac6c4779a99/analysis/1536642656/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1536845843", "to_ids": false, "type": "text", "uuid": "fca216f8-84e9-4497-9ad3-090cb3a399ed", "value": "22/58" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1536845846", "uuid": "25927348-f7e5-4c73-bb65-1a697c164887", "ObjectReference": [ { "comment": "", "object_uuid": "25927348-f7e5-4c73-bb65-1a697c164887", "referenced_uuid": "bd12dbfb-3c97-438b-9431-b91856a77007", "relationship_type": "analysed-with", "timestamp": "1536845856", "uuid": "5b9a6820-7818-48a1-996d-5c7502de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1536845843", "to_ids": true, "type": "md5", "uuid": "200b3234-0071-4ea5-b637-91ed9c395374", "value": "d1dffadb8f075c8d4fe822fa81a3ddb1" }, { "category": "Payload delivery", "comment": 
"", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1536845843", "to_ids": true, "type": "sha1", "uuid": "50ac9f18-7f97-456e-8e90-e693800ba23f", "value": "c90535a54d0494b981c6a4f09b331762cebbfcc9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1536845844", "to_ids": true, "type": "sha256", "uuid": "9d2d0189-c490-46f6-8f74-ac51ad156e1c", "value": "fab034d705b3ad7a10101858daf5da93a88f8bfd509dee9b8072678b27290ed3" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1536845844", "uuid": "bd12dbfb-3c97-438b-9431-b91856a77007", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1536845844", "to_ids": false, "type": "datetime", "uuid": "4dcd8a36-6411-416b-aba9-64c1818398cb", "value": "2018-09-11T05:09:31" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1536845845", "to_ids": false, "type": "link", "uuid": "aac80e1e-6cdc-467f-8771-7e72effbc129", "value": "https://www.virustotal.com/file/fab034d705b3ad7a10101858daf5da93a88f8bfd509dee9b8072678b27290ed3/analysis/1536642571/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1536845845", "to_ids": false, "type": "text", "uuid": "08caff6d-2bd9-48af-8850-d27b75126967", "value": "24/60" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": 
"1536845848", "uuid": "cd8a9a3f-2459-42e5-a868-efddc1ea6ac4", "ObjectReference": [ { "comment": "", "object_uuid": "cd8a9a3f-2459-42e5-a868-efddc1ea6ac4", "referenced_uuid": "bfd604f5-f81f-4c06-a20b-776c02c983e0", "relationship_type": "analysed-with", "timestamp": "1536845856", "uuid": "5b9a6820-f2bc-43d7-98ae-5c7502de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1536845845", "to_ids": true, "type": "md5", "uuid": "bd155f2d-f96c-492d-8e9c-5e4adfb48608", "value": "943aa993dd600b3c8080e7a064cf5568" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1536845846", "to_ids": true, "type": "sha1", "uuid": "2338e0e8-ce5a-45c1-a35a-1978523eb720", "value": "9828898850d3e69d16b8ff312635e95ecf4478e9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1536845846", "to_ids": true, "type": "sha256", "uuid": "1fe7c59b-3198-41d9-95ce-71a3b1e0134f", "value": "39891a1c13e4e6ec9de410201f697d23c05e83a29ec0010c6c62c6829386e6a6" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1536845846", "uuid": "bfd604f5-f81f-4c06-a20b-776c02c983e0", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1536845847", "to_ids": false, "type": "datetime", "uuid": "771d6784-63d7-403d-aeb5-a20134c399f2", "value": "2018-09-11T05:54:54" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1536845847", "to_ids": false, "type": "link", "uuid": 
"b3fa45af-080f-4132-a8de-4c8f487f2a2c", "value": "https://www.virustotal.com/file/39891a1c13e4e6ec9de410201f697d23c05e83a29ec0010c6c62c6829386e6a6/analysis/1536645294/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1536845848", "to_ids": false, "type": "text", "uuid": "edc16cb6-6700-4b30-99be-5f415c0f498c", "value": "23/59" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1536845851", "uuid": "41a04017-73fb-4631-887a-0671543e7f41", "ObjectReference": [ { "comment": "", "object_uuid": "41a04017-73fb-4631-887a-0671543e7f41", "referenced_uuid": "bda04530-cb00-4b96-b39a-8a9f8e68e4b7", "relationship_type": "analysed-with", "timestamp": "1536845856", "uuid": "5b9a6820-e120-474a-83b9-5c7502de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1536845848", "to_ids": true, "type": "md5", "uuid": "5e987d5f-9482-43b6-a143-695f249619b1", "value": "dd0d4d4196735db691a77ad2201fcb2a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1536845848", "to_ids": true, "type": "sha1", "uuid": "1e7d6f9b-b5a9-4f4f-8843-3bd6ba414303", "value": "2e9676699462fbb3b36ad205a8189e93fd68599e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1536845849", "to_ids": true, "type": "sha256", "uuid": "d76987d4-a5ea-4263-9d02-fb2f87bf7e59", "value": "1814c010f5e7391c7ea38850f9caf0771866e315f8d0c58c563818e71d30c208" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": 
"virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1536845849", "uuid": "bda04530-cb00-4b96-b39a-8a9f8e68e4b7", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1536845849", "to_ids": false, "type": "datetime", "uuid": "5d064180-dde6-47df-9e92-52108e0b2c1b", "value": "2018-09-11T05:50:49" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1536845849", "to_ids": false, "type": "link", "uuid": "0a7cb0a0-13d8-40d4-9e47-8f273ce41258", "value": "https://www.virustotal.com/file/1814c010f5e7391c7ea38850f9caf0771866e315f8d0c58c563818e71d30c208/analysis/1536645049/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1536845850", "to_ids": false, "type": "text", "uuid": "d0ec1e2b-44aa-4792-9faf-1a294393e2a5", "value": "21/59" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1536845853", "uuid": "a4c7f3b3-28f7-48c2-ba26-e788139df68d", "ObjectReference": [ { "comment": "", "object_uuid": "a4c7f3b3-28f7-48c2-ba26-e788139df68d", "referenced_uuid": "6aa5bf4e-0751-467c-b327-1883ce155cb3", "relationship_type": "analysed-with", "timestamp": "1536845856", "uuid": "5b9a6820-4708-47e8-aa56-5c7502de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1536845850", "to_ids": true, "type": "md5", "uuid": "33a93805-349c-4392-a213-6cb10de17bb5", "value": "f6388e1650573bac1f933011acda71f2" }, { "category": "Payload delivery", "comment": 
"", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1536845850", "to_ids": true, "type": "sha1", "uuid": "7079eea2-2c3d-452e-a23e-668554d791d6", "value": "86e7114c21dfdbcefd90f61426b9ce88d2698b12" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1536845851", "to_ids": true, "type": "sha256", "uuid": "5d0390f9-f8e8-4c16-9d17-8cf726a524be", "value": "1913cf8e65114136cc309e72c384b717f0aeaaeae0c040188648c4afebce1669" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1536845851", "uuid": "6aa5bf4e-0751-467c-b327-1883ce155cb3", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1536845851", "to_ids": false, "type": "datetime", "uuid": "127ea910-669d-448c-962d-5688970e3f1c", "value": "2018-09-11T05:50:55" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1536845852", "to_ids": false, "type": "link", "uuid": "9e604b76-733e-41a3-a577-cebe99f787b6", "value": "https://www.virustotal.com/file/1913cf8e65114136cc309e72c384b717f0aeaaeae0c040188648c4afebce1669/analysis/1536645055/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1536845852", "to_ids": false, "type": "text", "uuid": "5052f9c6-992e-4ea7-a3c0-8c9e1b4c3e16", "value": "21/59" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": 
"1536845855", "uuid": "0ac97056-2d5a-45ae-876d-966288ca2ba9", "ObjectReference": [ { "comment": "", "object_uuid": "0ac97056-2d5a-45ae-876d-966288ca2ba9", "referenced_uuid": "7a81dcbd-cd16-405c-b04c-04b5aab112bf", "relationship_type": "analysed-with", "timestamp": "1536845856", "uuid": "5b9a6820-a974-4109-a59b-5c7502de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1536845852", "to_ids": true, "type": "md5", "uuid": "b47f0fe1-6c02-4910-8e9f-4ae22f6bc35f", "value": "2b0919caab591515af6ff99fb76896e8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1536845853", "to_ids": true, "type": "sha1", "uuid": "c2454b24-2987-48af-b70d-18dccf77a3f4", "value": "99ff9c25bc2e0a874ca4090abb6c612ea984c30c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1536845853", "to_ids": true, "type": "sha256", "uuid": "da68a596-5e3a-431c-bf26-a4f92fc63273", "value": "92a4c6ae034c3a03c21b74bdc00264192e60a85deedd90b99a3e350758eb85c1" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1536845854", "uuid": "7a81dcbd-cd16-405c-b04c-04b5aab112bf", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1536845854", "to_ids": false, "type": "datetime", "uuid": "4f66e666-cc07-49b1-95d4-649d6b094a43", "value": "2018-09-12T01:40:46" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1536845854", "to_ids": false, "type": "link", "uuid": 
"8ec552cc-d839-4117-a6e0-824ba5d25e68", "value": "https://www.virustotal.com/file/92a4c6ae034c3a03c21b74bdc00264192e60a85deedd90b99a3e350758eb85c1/analysis/1536716446/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1536845855", "to_ids": false, "type": "text", "uuid": "26b9502d-8ad2-45bf-b828-6b68cba58d6b", "value": "23/59" } ] } ] } }