{ "Event": { "analysis": "2", "date": "2017-05-09", "extends_uuid": "", "info": "OSINT - Persirai: New Internet of Things (IoT) Botnet Targets IP Cameras", "publish_timestamp": "1538680515", "published": true, "threat_level_id": "3", "timestamp": "1538680509", "uuid": "5bb61071-d0ac-4b8a-8bba-4dc8950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" }, { "colour": "#22681c", "local": "0", "name": "malware_classification:malware-category=\"Botnet\"", "relationship_type": "" }, { "colour": "#22681c", "local": "0", "name": "\tmalware_classification:malware-category=\"Botnet\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:botnet=\"Persirai\"", "relationship_type": "" }, { "colour": "#00223b", "local": "0", "name": "osint:source-type=\"blog-post\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1538658669", "to_ids": false, "type": "link", "uuid": "5bb610da-7840-4316-b213-4905950d210f", "value": "https://blog.trendmicro.com/trendlabs-security-intelligence/persirai-new-internet-things-iot-botnet-targets-ip-cameras/", "Tag": [ { "colour": "#00223b", "local": "0", "name": "osint:source-type=\"blog-post\"", "relationship_type": "" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1538659027", "to_ids": false, "type": "text", "uuid": "5bb612ca-8a64-47a5-a459-485e950d210f", "value": "A new Internet of Things (IoT) botnet called Persirai (Detected by Trend Micro as ELF_PERSIRAI.A) has been discovered targeting over 1,000 Internet Protocol (IP) Camera models based on various Original Equipment Manufacturer (OEM) products. 
This development comes on the heels of Mirai\u2014an open-source backdoor malware that caused some of the most notable incidents of 2016 via Distributed Denial-of-Service (DDoS) attacks that compromised IoT devices such as Digital Video Recorders (DVRs) and CCTV cameras\u2014as well as the Hajime botnet.\r\n\r\nWe detected approximately 120,000 IP cameras that are vulnerable to ELF_PERSIRAI.A via Shodan. Many of these vulnerable users are unaware that their IP Cameras are exposed to the internet.", "Tag": [ { "colour": "#00223b", "local": "0", "name": "osint:source-type=\"blog-post\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "C&C server", "deleted": false, "disable_correlation": false, "timestamp": "1538660153", "to_ids": true, "type": "hostname", "uuid": "5bb61739-32dc-44d3-bcf5-4c6d950d210f", "value": "load.gtpnet.ir" }, { "category": "Network activity", "comment": "C&C server", "deleted": false, "disable_correlation": false, "timestamp": "1538660154", "to_ids": true, "type": "hostname", "uuid": "5bb6173a-5bc8-4746-a7fd-425f950d210f", "value": "ntp.gtpnet.ir" }, { "category": "Network activity", "comment": "C&C server", "deleted": false, "disable_correlation": false, "timestamp": "1538660159", "to_ids": true, "type": "ip-dst", "uuid": "5bb6173f-60ec-47c3-b5da-4bd0950d210f", "value": "185.62.189.232" }, { "category": "Network activity", "comment": "C&C server", "deleted": false, "disable_correlation": false, "timestamp": "1538660160", "to_ids": true, "type": "ip-dst", "uuid": "5bb61740-c0f8-4087-9811-4f8b950d210f", "value": "95.85.38.103" }, { "category": "Payload delivery", "comment": "Hash detected as ELF_PERSIRAI.A:", "deleted": false, "disable_correlation": false, "timestamp": "1538660867", "to_ids": true, "type": "sha256", "uuid": "5bb61a03-6aa4-4b22-9f78-4283950d210f", "value": "d00b79a0b47ae38b2d6fbbf994a2075bc70dc88142536f283e8447ed03917e45" }, { "category": "Payload delivery", "comment": "Hash 
detected as ELF_PERSIRAI.A:", "deleted": false, "disable_correlation": false, "timestamp": "1538660868", "to_ids": true, "type": "sha256", "uuid": "5bb61a04-0544-461d-9635-46d1950d210f", "value": "f974695ae560c6f035e089271ee33a84bebeb940be510ab5066ee958932e310a" }, { "category": "Payload delivery", "comment": "Hash detected as ELF_PERSIRAI.A:", "deleted": false, "disable_correlation": false, "timestamp": "1538660868", "to_ids": true, "type": "sha256", "uuid": "5bb61a04-a6d4-4105-aae4-43c6950d210f", "value": "af4aa29d6e3fce9206b0d21b09b7bc40c3a2128bc5eb02ff239ed2f3549532bb" }, { "category": "Payload delivery", "comment": "Hash detected as ELF_PERSIRAI.A:", "deleted": false, "disable_correlation": false, "timestamp": "1538660869", "to_ids": true, "type": "sha256", "uuid": "5bb61a05-85f4-4a0e-92c5-4370950d210f", "value": "aa443f81cbba72e1692246b5647a9278040400a86afc8e171f54577dc9324f61" }, { "category": "Payload delivery", "comment": "Hash detected as ELF_PERSIRAI.A:", "deleted": false, "disable_correlation": false, "timestamp": "1538660869", "to_ids": true, "type": "sha256", "uuid": "5bb61a05-8904-4c4f-8a5a-4942950d210f", "value": "4a5ff1def77deb11ddecd10f96e4a1de69291f2f879cd83186c6b3fc20bb009a" }, { "category": "Payload delivery", "comment": "Hash detected as ELF_PERSIRAI.A:", "deleted": false, "disable_correlation": false, "timestamp": "1538660873", "to_ids": true, "type": "sha256", "uuid": "5bb61a09-8e34-41ee-a78d-4e7e950d210f", "value": "44620a09441305f592fb65d606958611f90e85b62b7ef7149e613d794df3a778" }, { "category": "Payload delivery", "comment": "Hash detected as ELF_PERSIRAI.A:", "deleted": false, "disable_correlation": false, "timestamp": "1538660876", "to_ids": true, "type": "sha256", "uuid": "5bb61a0c-14e8-4a85-ba0d-4311950d210f", "value": "a58769740a750a8b265df65a5b143a06972af2e7d82c5040d908e71474cbaf92" }, { "category": "Payload delivery", "comment": "Hash detected as ELF_PERSIRAI.A:", "deleted": false, "disable_correlation": false, "timestamp": 
"1538660877", "to_ids": true, "type": "sha256", "uuid": "5bb61a0d-1720-4ec2-a1f0-4b6a950d210f", "value": "7d7aaa8c9a36324a2c5e9b0a3440344502f28b90776baa6b8dac7ac88a83aef0" }, { "category": "Payload delivery", "comment": "Hash detected as ELF_PERSIRAI.A:", "deleted": false, "disable_correlation": false, "timestamp": "1538660877", "to_ids": true, "type": "sha256", "uuid": "5bb61a0d-0208-4bc2-959a-42e2950d210f", "value": "4a5d00f91a5bb2b6b89ccdabc6c13eab97ede5848275513ded7dfd5803b1074b" }, { "category": "Payload delivery", "comment": "Hash detected as ELF_PERSIRAI.A:", "deleted": false, "disable_correlation": false, "timestamp": "1538660878", "to_ids": true, "type": "sha256", "uuid": "5bb61a0e-500c-4155-825b-452b950d210f", "value": "264e5a7ce9ca7ce7a495ccb02e8f268290fcb1b3e1b05f87d3214b26b0ea9adc" }, { "category": "Payload delivery", "comment": "Hash detected as ELF_PERSIRAI.A:", "deleted": false, "disable_correlation": false, "timestamp": "1538660878", "to_ids": true, "type": "sha256", "uuid": "5bb61a0e-dd6c-4fa2-b250-42c4950d210f", "value": "ff5db7bdb4de17a77bd4a552f50f0e5488281cedc934fc3707833f90484ef66c" }, { "category": "Payload delivery", "comment": "Hash detected as ELF_PERSIRAI.A:", "deleted": false, "disable_correlation": false, "timestamp": "1538660879", "to_ids": true, "type": "sha256", "uuid": "5bb61a0f-b75c-4b10-b14b-4d3d950d210f", "value": "ec2c39f1dfb75e7b33daceaeda4dbadb8efd9015a9b7e41d595bb28d2cd0180f" }, { "category": "Payload delivery", "comment": "Hash detected as ELF_PERSIRAI.A:", "deleted": false, "disable_correlation": false, "timestamp": "1538660879", "to_ids": true, "type": "sha256", "uuid": "5bb61a0f-06f0-4fb1-82eb-4ab6950d210f", "value": "f736948bb4575c10a3175f0078a2b5d36cce1aa4cd635307d03c826e305a7489" }, { "category": "Payload delivery", "comment": "Hash detected as ELF_PERSIRAI.A:", "deleted": false, "disable_correlation": false, "timestamp": "1538660880", "to_ids": true, "type": "sha256", "uuid": "5bb61a10-ab00-4133-8296-4a96950d210f", 
"value": "e0b5c9f874f260c840766eb23c1f69828545d7820f959c8601c41c024044f02c" }, { "category": "Payload delivery", "comment": "Hash detected as ELF_PERSIRAI.A:", "deleted": false, "disable_correlation": false, "timestamp": "1538660880", "to_ids": true, "type": "sha256", "uuid": "5bb61a10-469c-473e-ba93-459b950d210f", "value": "35317971e346e5b2a8401b2e66b9e62e371ce9532f816cb313216c3647973c32" } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1538680318", "uuid": "f309283e-f9b3-4936-9534-ef6866f23c40", "ObjectReference": [ { "comment": "", "object_uuid": "f309283e-f9b3-4936-9534-ef6866f23c40", "referenced_uuid": "c32be2ac-252d-404e-a391-de2bec4acaf7", "relationship_type": "analysed-with", "timestamp": "1538680347", "uuid": "5bb6661b-9cdc-4ffe-a798-454602de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1538680315", "to_ids": true, "type": "md5", "uuid": "24b52a67-d588-4d4f-acc6-531cc4b9e2f3", "value": "2f6e964b3f63b13831314c28185bb51a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1538680315", "to_ids": true, "type": "sha1", "uuid": "03ef9eff-ea8a-4dba-92ea-ea7658ad001d", "value": "a63417b889491466c912dfbb6d2a34ad27f2bcfe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1538680316", "to_ids": true, "type": "sha256", "uuid": "40ff1cf2-3498-4c1a-a0ef-3278217d10c8", "value": "7d7aaa8c9a36324a2c5e9b0a3440344502f28b90776baa6b8dac7ac88a83aef0" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": 
"virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1538680316", "uuid": "c32be2ac-252d-404e-a391-de2bec4acaf7", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1538680316", "to_ids": false, "type": "datetime", "uuid": "7815ca32-703b-430e-a06f-dfb802b2617c", "value": "2018-10-04T00:29:01" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1538680317", "to_ids": false, "type": "link", "uuid": "b872dfe2-e6a4-46be-93cb-d2d39c54e961", "value": "https://www.virustotal.com/file/7d7aaa8c9a36324a2c5e9b0a3440344502f28b90776baa6b8dac7ac88a83aef0/analysis/1538612941/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1538680317", "to_ids": false, "type": "text", "uuid": "b977ae27-2ed8-42ea-af35-31fa7d975feb", "value": "27/57" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1538680320", "uuid": "12ef2bb3-f2ac-4266-b693-27631eae3930", "ObjectReference": [ { "comment": "", "object_uuid": "12ef2bb3-f2ac-4266-b693-27631eae3930", "referenced_uuid": "9d4269eb-edc5-4513-9cdc-fedcf13523d5", "relationship_type": "analysed-with", "timestamp": "1538680347", "uuid": "5bb6661b-76bc-4361-abf0-432602de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1538680317", "to_ids": true, "type": "md5", "uuid": "33282f75-099d-48b4-ae83-f7c5540f0d88", "value": "428111c22627e1d4ee87705251704422" }, { "category": "Payload delivery", "comment": 
"", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1538680318", "to_ids": true, "type": "sha1", "uuid": "cc39a8ec-e498-47b9-9552-7961e7a39a7c", "value": "ccc90bd76af9d4b538aa88715027dd062f7c946d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1538680318", "to_ids": true, "type": "sha256", "uuid": "4e2e9831-6f05-40a8-af03-0eb900d88168", "value": "264e5a7ce9ca7ce7a495ccb02e8f268290fcb1b3e1b05f87d3214b26b0ea9adc" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1538680319", "uuid": "9d4269eb-edc5-4513-9cdc-fedcf13523d5", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1538680319", "to_ids": false, "type": "datetime", "uuid": "836c2dac-1246-4175-a7ac-ad7a3246570e", "value": "2018-10-04T00:35:09" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1538680319", "to_ids": false, "type": "link", "uuid": "34afc7f8-f731-4458-bea0-0a620d0b2948", "value": "https://www.virustotal.com/file/264e5a7ce9ca7ce7a495ccb02e8f268290fcb1b3e1b05f87d3214b26b0ea9adc/analysis/1538613309/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1538680320", "to_ids": false, "type": "text", "uuid": "42f732a2-5783-4fe1-bf28-a299f63a6f65", "value": "30/59" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": 
"1538680323", "uuid": "f2c1f63f-9a45-43a5-b5f0-aa338180c6a0", "ObjectReference": [ { "comment": "", "object_uuid": "f2c1f63f-9a45-43a5-b5f0-aa338180c6a0", "referenced_uuid": "f27c2edf-b64f-4038-a3a9-d326a05177bd", "relationship_type": "analysed-with", "timestamp": "1538680347", "uuid": "5bb6661b-2fa0-4d10-8d8b-461402de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1538680320", "to_ids": true, "type": "md5", "uuid": "90e70da4-695a-45d8-beba-5a744c3c8f43", "value": "9584b6aec418a2af4efac24867a8c7ec" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1538680320", "to_ids": true, "type": "sha1", "uuid": "e38ba7bd-f315-440f-873d-62d3bf4d8e31", "value": "22a8faf351768596500dbe6e27c05ad55744da1d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1538680321", "to_ids": true, "type": "sha256", "uuid": "2b2cf022-706f-4082-89a4-0482e9989d61", "value": "af4aa29d6e3fce9206b0d21b09b7bc40c3a2128bc5eb02ff239ed2f3549532bb" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1538680321", "uuid": "f27c2edf-b64f-4038-a3a9-d326a05177bd", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1538680321", "to_ids": false, "type": "datetime", "uuid": "28299833-823a-4fae-9d26-936806282829", "value": "2018-08-28T00:22:07" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1538680322", "to_ids": false, "type": "link", "uuid": 
"a8b600ec-a940-4775-8d5a-da5e6fb40637", "value": "https://www.virustotal.com/file/af4aa29d6e3fce9206b0d21b09b7bc40c3a2128bc5eb02ff239ed2f3549532bb/analysis/1535415727/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1538680322", "to_ids": false, "type": "text", "uuid": "6ab72e91-286a-4e59-aed6-7ba109b77661", "value": "31/59" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1538680325", "uuid": "9c0321a0-cf1b-4f6b-b67a-69d45877e2d9", "ObjectReference": [ { "comment": "", "object_uuid": "9c0321a0-cf1b-4f6b-b67a-69d45877e2d9", "referenced_uuid": "1883c73d-680a-4623-9b78-42cfeb491f5b", "relationship_type": "analysed-with", "timestamp": "1538680347", "uuid": "5bb6661b-fb6c-484f-9d6f-453802de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1538680322", "to_ids": true, "type": "md5", "uuid": "2bbd9a12-d0ba-4cdc-9f04-a740655d4fdd", "value": "5ebeff1f005804bb8afef91095aac1d9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1538680323", "to_ids": true, "type": "sha1", "uuid": "54d8241a-dafa-41f0-a3b5-f9458d39ebc2", "value": "c92e07faaad26b4ac98f9cc0c5a24e60dcb25b8a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1538680323", "to_ids": true, "type": "sha256", "uuid": "b016facb-e211-486f-aa12-dfee52ccc67d", "value": "4a5d00f91a5bb2b6b89ccdabc6c13eab97ede5848275513ded7dfd5803b1074b" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": 
"virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1538680324", "uuid": "1883c73d-680a-4623-9b78-42cfeb491f5b", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1538680324", "to_ids": false, "type": "datetime", "uuid": "8f277ab7-05c6-46f8-909c-f3381f65afbc", "value": "2018-10-04T00:40:15" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1538680327", "to_ids": false, "type": "link", "uuid": "656ad417-eede-4da8-b924-d1ac777d5cbe", "value": "https://www.virustotal.com/file/4a5d00f91a5bb2b6b89ccdabc6c13eab97ede5848275513ded7dfd5803b1074b/analysis/1538613615/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1538680328", "to_ids": false, "type": "text", "uuid": "6b003f1f-e035-40ad-8331-3e79a4f9ed2e", "value": "30/59" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1538680331", "uuid": "36dd4a13-9d43-48b4-b035-a1dd57e1daa8", "ObjectReference": [ { "comment": "", "object_uuid": "36dd4a13-9d43-48b4-b035-a1dd57e1daa8", "referenced_uuid": "077ee3b9-3db4-4025-957b-3944d40c17d7", "relationship_type": "analysed-with", "timestamp": "1538680348", "uuid": "5bb6661c-f1c4-4077-8955-4c4b02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1538680328", "to_ids": true, "type": "md5", "uuid": "608de87a-577c-45ba-9efc-633bfba9804e", "value": "f620fb57352e6f393477a65101a4612e" }, { "category": "Payload delivery", "comment": 
"", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1538680329", "to_ids": true, "type": "sha1", "uuid": "2b1110b2-34e6-4efa-ad16-8ddffc43ccdf", "value": "93515d7442d0240272b8d813b300219c53e88dfd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1538680329", "to_ids": true, "type": "sha256", "uuid": "e8d8bd28-4c6b-4f2f-94a8-91469cc7bff2", "value": "a58769740a750a8b265df65a5b143a06972af2e7d82c5040d908e71474cbaf92" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1538680330", "uuid": "077ee3b9-3db4-4025-957b-3944d40c17d7", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1538680330", "to_ids": false, "type": "datetime", "uuid": "3feaaa6c-1944-4d54-b928-151e02b9ba75", "value": "2018-08-19T23:46:42" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1538680333", "to_ids": false, "type": "link", "uuid": "4456021c-dde7-45e4-bb39-a42c628b0d31", "value": "https://www.virustotal.com/file/a58769740a750a8b265df65a5b143a06972af2e7d82c5040d908e71474cbaf92/analysis/1534722402/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1538680334", "to_ids": false, "type": "text", "uuid": "e23bb428-95e6-414a-a60f-e666d298495e", "value": "27/58" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": 
"1538680337", "uuid": "c0fc4a1e-cd67-415a-b8b9-3b8624427435", "ObjectReference": [ { "comment": "", "object_uuid": "c0fc4a1e-cd67-415a-b8b9-3b8624427435", "referenced_uuid": "d406e905-e3a5-4d16-b1d2-bc3e6ef6d1fa", "relationship_type": "analysed-with", "timestamp": "1538680348", "uuid": "5bb6661c-54f8-4679-a815-47b902de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1538680334", "to_ids": true, "type": "md5", "uuid": "9ff1aa13-17c4-4fea-9fde-e0a7ea8d4705", "value": "912681f6be51afa8c5ab36e691b88e74" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1538680334", "to_ids": true, "type": "sha1", "uuid": "ded05480-3857-4ced-9d85-0ab4339eb47a", "value": "227d1aa69da8250ddbf8898863799e59bdfeb516" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1538680335", "to_ids": true, "type": "sha256", "uuid": "9417d718-1a7e-4b30-ad2a-45d97bf24356", "value": "f974695ae560c6f035e089271ee33a84bebeb940be510ab5066ee958932e310a" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1538680335", "uuid": "d406e905-e3a5-4d16-b1d2-bc3e6ef6d1fa", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1538680335", "to_ids": false, "type": "datetime", "uuid": "9da3df4d-2a97-4c0f-b9a8-4ee1e3bf41fa", "value": "2018-08-28T00:21:20" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1538680336", "to_ids": false, "type": "link", "uuid": 
"791bd56a-7de3-419e-9984-b3b8f1126ec6", "value": "https://www.virustotal.com/file/f974695ae560c6f035e089271ee33a84bebeb940be510ab5066ee958932e310a/analysis/1535415680/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1538680336", "to_ids": false, "type": "text", "uuid": "620bf26e-ce72-408a-a9fb-29c061e257be", "value": "30/59" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1538680339", "uuid": "7d2c9249-f40e-495c-8f96-64b18ab129e0", "ObjectReference": [ { "comment": "", "object_uuid": "7d2c9249-f40e-495c-8f96-64b18ab129e0", "referenced_uuid": "41d50336-ea44-4a0b-8e2a-4d5daee47a96", "relationship_type": "analysed-with", "timestamp": "1538680348", "uuid": "5bb6661c-ced4-4bd5-9664-4d1302de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1538680336", "to_ids": true, "type": "md5", "uuid": "c926ea2c-261d-4ef5-8257-022da8dd3f46", "value": "7e1c3834c38984c34b6fd4c741ae3a21" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1538680337", "to_ids": true, "type": "sha1", "uuid": "353bad47-ebcb-4db4-815b-f8fdb0be4b50", "value": "02b850450fcbcdd6b13f03b2121f124543480d62" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1538680337", "to_ids": true, "type": "sha256", "uuid": "83d952e9-99fa-45c8-99be-6194f4833034", "value": "d00b79a0b47ae38b2d6fbbf994a2075bc70dc88142536f283e8447ed03917e45" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": 
"virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1538680338", "uuid": "41d50336-ea44-4a0b-8e2a-4d5daee47a96", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1538680338", "to_ids": false, "type": "datetime", "uuid": "50679951-11f3-4163-bca3-c1a71fc25d9f", "value": "2018-10-04T00:51:35" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1538680338", "to_ids": false, "type": "link", "uuid": "6a957d87-5bf5-4e47-9901-533d3be74a57", "value": "https://www.virustotal.com/file/d00b79a0b47ae38b2d6fbbf994a2075bc70dc88142536f283e8447ed03917e45/analysis/1538614295/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1538680339", "to_ids": false, "type": "text", "uuid": "b95271c3-bd73-4a19-ac07-58509fbe8fc6", "value": "27/58" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1538680342", "uuid": "5e99dc31-7b8e-4fc0-b6d2-76c97386fddb", "ObjectReference": [ { "comment": "", "object_uuid": "5e99dc31-7b8e-4fc0-b6d2-76c97386fddb", "referenced_uuid": "3d0cb0cc-5992-44bd-908d-608dfa518175", "relationship_type": "analysed-with", "timestamp": "1538680348", "uuid": "5bb6661c-00d0-4b29-aeaa-47f902de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1538680339", "to_ids": true, "type": "md5", "uuid": "40667cb7-b99a-4184-9a36-bdcaf1368400", "value": "b2b129d84723d0ba2f803a546c8b19ae" }, { "category": "Payload delivery", "comment": 
"", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1538680339", "to_ids": true, "type": "sha1", "uuid": "de0721c4-14d6-4c3c-8b0c-74a414f55360", "value": "7a0485e52aa09f63d41e471fd736584c06c3dab6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1538680340", "to_ids": true, "type": "sha256", "uuid": "6f071f79-d240-4035-953b-3170c06b89c1", "value": "44620a09441305f592fb65d606958611f90e85b62b7ef7149e613d794df3a778" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1538680340", "uuid": "3d0cb0cc-5992-44bd-908d-608dfa518175", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1538680340", "to_ids": false, "type": "datetime", "uuid": "a6d21e1e-4762-45a8-8397-1e40b79d6f0a", "value": "2018-09-18T19:47:01" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1538680341", "to_ids": false, "type": "link", "uuid": "25405b32-6b81-42dc-a247-ebc03f770730", "value": "https://www.virustotal.com/file/44620a09441305f592fb65d606958611f90e85b62b7ef7149e613d794df3a778/analysis/1537300021/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1538680341", "to_ids": false, "type": "text", "uuid": "85bba342-833d-452d-ae52-93ca69be210c", "value": "28/58" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": 
"1538680344", "uuid": "ed841816-818e-4245-b6dd-f2309f700681", "ObjectReference": [ { "comment": "", "object_uuid": "ed841816-818e-4245-b6dd-f2309f700681", "referenced_uuid": "249cc05d-c4f2-49e8-a6a1-7fb0437d810d", "relationship_type": "analysed-with", "timestamp": "1538680348", "uuid": "5bb6661c-e168-41ba-9dad-49e902de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1538680341", "to_ids": true, "type": "md5", "uuid": "06167403-7850-4f72-beef-9c58f7efa820", "value": "cfb80e0b1e3927ebc1069b8fdc468072" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1538680342", "to_ids": true, "type": "sha1", "uuid": "04f39242-2c21-4b18-af64-c5e8a21b9635", "value": "64bd5ba88d7e7104dc1a5586171e83825815362d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1538680342", "to_ids": true, "type": "sha256", "uuid": "20c1c44e-003c-4093-b594-6ded9eeca681", "value": "4a5ff1def77deb11ddecd10f96e4a1de69291f2f879cd83186c6b3fc20bb009a" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1538680344", "uuid": "249cc05d-c4f2-49e8-a6a1-7fb0437d810d", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1538680344", "to_ids": false, "type": "datetime", "uuid": "960ff2ae-bf7a-49c3-ab42-4134855d21d9", "value": "2018-10-01T16:00:37" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1538680344", "to_ids": false, "type": "link", "uuid": 
"146485a6-71f5-41d8-800b-4ac4f679f33b", "value": "https://www.virustotal.com/file/4a5ff1def77deb11ddecd10f96e4a1de69291f2f879cd83186c6b3fc20bb009a/analysis/1538409637/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1538680345", "to_ids": false, "type": "text", "uuid": "b5bc8306-34a2-4eb6-9dd5-893115f7c124", "value": "30/58" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1538680348", "uuid": "e379a5ec-5b7a-48c0-ad91-c00272e066c8", "ObjectReference": [ { "comment": "", "object_uuid": "e379a5ec-5b7a-48c0-ad91-c00272e066c8", "referenced_uuid": "bf3cb4e2-3ce7-4abb-b77a-91e1fa59320b", "relationship_type": "analysed-with", "timestamp": "1538680348", "uuid": "5bb6661c-4778-45ae-a8a3-460102de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1538680345", "to_ids": true, "type": "md5", "uuid": "68d4af39-d36f-4203-adca-0e8aaf59a19e", "value": "10d899e46e0df86ba6e6a4754de331d9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1538680345", "to_ids": true, "type": "sha1", "uuid": "5ac792b2-96eb-41ce-a68b-57c2f740e5b5", "value": "29aabf21557507699503251e8e19ff77ee61f1bc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1538680346", "to_ids": true, "type": "sha256", "uuid": "2c2142c5-23e4-42b8-92e1-7427af655547", "value": "aa443f81cbba72e1692246b5647a9278040400a86afc8e171f54577dc9324f61" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": 
"virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1538680346", "uuid": "bf3cb4e2-3ce7-4abb-b77a-91e1fa59320b", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1538680346", "to_ids": false, "type": "datetime", "uuid": "0911b7f8-578a-470b-a17b-1d302ea16696", "value": "2018-10-04T00:21:25" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1538680347", "to_ids": false, "type": "link", "uuid": "b3cc844b-5bf3-4cb8-b122-eee753b95a86", "value": "https://www.virustotal.com/file/aa443f81cbba72e1692246b5647a9278040400a86afc8e171f54577dc9324f61/analysis/1538612485/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1538680347", "to_ids": false, "type": "text", "uuid": "dd676758-854f-4bee-b4b2-4942e2c6efc7", "value": "28/58" } ] } ] } }